0226 | MS Exchange : CryptographicException: Invalid provider type specified
Wednesday, August 2nd, 2017 Posted in Windows Server | 1 Comment »There’s issue when installing/renewing a certificate to MS Exchange.
System.Security.Cryptography.CryptographicException: Invalid provider type specified
This is the explaination (reference: MS Technet > exchange server 2013 > Unable to access ECP/OWA)
The basic problem is that the Exchange code cannot properly handle X.509 certificates signed with the new and mighty Microsoft Software Key Storage Provider (which is kind of funny)
To fix this, do the following step:
- Export the certificate as ‘pfx’ file then remove it from the certificate store.
- Open ‘Exchange Management Shell’
- Type command
certutil -csp "Microsoft RSA SChannel Cryptographic Provider" -importpfx c:\path\to\certificate.pfxnote to change ‘c:\path\to\certificate.pfx’ to the path of your certificate exported from step 1. - Type
certutil -store my, (see sample output below) Check if the ‘Provider = ‘ line is ‘Microsoft RSA SChannel Cryptographic Provider’. Copy the hash after ‘Cert Hash(sha1):’ - Enable the certificate for Exchange. Type
Enable-ExchangeCertificate -thumbprint "00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 01 23 45 67" -Services "iis,pop,imap,smtp" - Restart IIS.
Serial Number: ************ Issuer: CN=WMSvc-*** NotBefore: 12/24/2014 7:18 PM NotAfter: 12/21/2024 7:18 PM Subject: CN=WMSvc-*** Signature matches Public Key Root Certificate: Subject matches Issuer Cert Hash(sha1): 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 01 23 45 67 Key Container = WMSvc Certificate Key Container Unique container name: ******************************************* Provider = Microsoft RSA SChannel Cryptographic Provider Encryption test passed
Tags: Exchange Server
