August 2nd, 2017 by icez | Posted in Windows Server | 1 Comment »
There’s issue when installing/renewing a certificate to MS Exchange.
System.Security.Cryptography.CryptographicException: Invalid provider type specified
This is the explaination (reference: MS Technet > exchange server 2013 > Unable to access ECP/OWA)
The basic problem is that the Exchange code cannot properly handle X.509 certificates signed with the new and mighty Microsoft Software Key Storage Provider (which is kind of funny)
To fix this, do the following step:
- Export the certificate as ‘pfx’ file then remove it from the certificate store.
- Open ‘Exchange Management Shell’
- Type command
certutil -csp "Microsoft RSA SChannel Cryptographic Provider" -importpfx c:\path\to\certificate.pfx note to change ‘c:\path\to\certificate.pfx’ to the path of your certificate exported from step 1.
- Type
certutil -store my, (see sample output below) Check if the ‘Provider = ‘ line is ‘Microsoft RSA SChannel Cryptographic Provider’. Copy the hash after ‘Cert Hash(sha1):’
- Enable the certificate for Exchange. Type
Enable-ExchangeCertificate -thumbprint "00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 01 23 45 67" -Services "iis,pop,imap,smtp"
- Restart IIS.
Serial Number: ************
Issuer: CN=WMSvc-***
NotBefore: 12/24/2014 7:18 PM
NotAfter: 12/21/2024 7:18 PM
Subject: CN=WMSvc-***
Signature matches Public Key
Root Certificate: Subject matches Issuer
Cert Hash(sha1): 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 01 23 45 67
Key Container = WMSvc Certificate Key Container
Unique container name: *******************************************
Provider = Microsoft RSA SChannel Cryptographic Provider
Encryption test passed
Tags: Exchange Server
