Active Directory Federation Services – Certificate Error ‘CNG Key’

KB ID 0001129

Problem

When installing the Active Directory Federation Services Role, you need to supply a certificate. I was running this up using a self-signed wildcard certificate when this happened:

The certificate with the specified thumbprint {thumbprint} has a Cryptographic Next Generation (CNG) private key. The certificates with the CNG private key are not supported. Use a certificate based on a key pair generated by a legacy Cryptographic Service Provider.

Solution

I was generating a wildcard certificate using this method. By default it uses the CNG Key; you need to specify Legacy Key instead (I've updated the post mentioned above to point out where that's done).
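If you create the certificate from PowerShell instead, the same choice is made with the -Provider and -KeySpec parameters of New-SelfSignedCertificate. The following is an added example, not the method from the post referenced above; the DNS name is a placeholder and the Get-CertKeyProvider helper is hypothetical. It assumes Windows Server 2016 or later, an elevated session, and English certutil output.

```powershell
# Added example: create a self-signed wildcard certificate whose private key
# lives in a legacy CryptoAPI CSP, then confirm which provider holds the key.
$dnsName = '*.example.com'   # placeholder, replace with your own domain

# Naming a legacy CSP here is the scripted equivalent of choosing a legacy key.
# Without -Provider the cmdlet uses the CNG "Microsoft Software Key Storage Provider".
$cert = New-SelfSignedCertificate `
    -DnsName $dnsName `
    -CertStoreLocation 'Cert:\LocalMachine\My' `
    -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider' `
    -KeySpec KeyExchange `
    -KeyLength 2048 `
    -NotAfter (Get-Date).AddYears(1)

# Hypothetical helper: read the "Provider = ..." line that certutil prints
# for a certificate in the LocalMachine\My store.
function Get-CertKeyProvider {
    param([Parameter(Mandatory)][string]$Thumbprint)
    $match = certutil.exe -store My $Thumbprint |
        Select-String -Pattern 'Provider\s*=\s*(.+)$' |
        Select-Object -First 1
    if (-not $match) { return $null }   # no private key, or output not parsed
    $match.Matches[0].Groups[1].Value.Trim()
}

# List every certificate with a private key and flag likely CNG keys, so an
# unsuitable certificate is spotted before the AD FS wizard rejects it.
# The name match is a heuristic: Microsoft's software and smart card KSPs
# contain "Key Storage Provider"; other KSPs may be named differently.
Get-ChildItem Cert:\LocalMachine\My | Where-Object HasPrivateKey | ForEach-Object {
    $provider = Get-CertKeyProvider -Thumbprint $_.Thumbprint
    [pscustomobject]@{
        Subject    = $_.Subject
        Thumbprint = $_.Thumbprint
        Provider   = $provider
        LikelyCng  = [bool]($provider -match 'Key Storage Provider')
    }
} | Format-Table -AutoSize
```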
