Installing Microsoft Active Directory Certificate Services with YubiHSM Key Storage Provider

Once the YubiHSM Key Storage Provider has been installed and configured, the AD CS Certification Authority can be installed.

When the cryptographic provider is configured to "RSA#YubiHSM Key Storage Provider", the private key for the CA will be generated and stored on the connected YubiHSM2 device.

Install the CA with the desired options, using either Server Manager or PowerShell.

If using PowerShell

Include the "-CryptoProviderName" parameter and supply "RSA#YubiHSM Key Storage Provider" as the parameter value.

For example:

Install-AdcsCertificationAuthority -CAType EnterpriseRootCa -CryptoProviderName "RSA#YubiHSM Key Storage Provider" -KeyLength 2048 -HashAlgorithmName SHA256 -ValidityPeriod Years -ValidityPeriodUnits 5

If using Server Manager

On the Cryptography for CA page, under "Select a cryptographic provider", select "RSA#YubiHSM Key Storage Provider" from the drop-down list:

Figure: CA Installation GUI, Cryptography for CA page
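Whichever installation method is used, it is worth confirming that the CA key really is held by the YubiHSM provider and not by a software provider. The following script is an added example, not part of the original document or of Yubico's tooling. It assumes an elevated session on the CA server with the YubiHSM connected, and the standard CertSvc registry layout; the function names are hypothetical.

```powershell
# Added example: pre-flight and post-install checks for the CA key provider.
$providerArg = 'RSA#YubiHSM Key Storage Provider'   # value used on this page
$kspName     = $providerArg.Split('#')[1]           # provider name without the algorithm prefix

function Test-KspRegistered {
    # certutil -csplist enumerates the CSPs and KSPs registered on this machine.
    $listing = & certutil.exe -csplist 2>&1 | Out-String
    return $listing -match [regex]::Escape($kspName)
}

function Get-CaKeyProvider {
    # Reports the provider recorded in the CA configuration and the provider
    # that actually holds the private key of the newest CA certificate.
    $cfgRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
    $caName  = (Get-ItemProperty -Path $cfgRoot -Name Active).Active
    $caKey   = Join-Path $cfgRoot $caName
    $configured = (Get-ItemProperty -LiteralPath (Join-Path $caKey 'CSP') -Name Provider).Provider

    # CACertHash holds one thumbprint per CA certificate; the last entry is the newest.
    $thumb = ((Get-ItemProperty -LiteralPath $caKey -Name CACertHash).CACertHash |
              Select-Object -Last 1) -replace '\s', ''
    $cert  = Get-Item -LiteralPath "Cert:\LocalMachine\My\$thumb"
    # Opening the key fails if the HSM is unreachable, which is itself a useful signal.
    $rsa   = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    $actual = if ($rsa -is [System.Security.Cryptography.RSACng]) { $rsa.Key.Provider.Provider }
              else { 'legacy CSP (not CNG)' }

    [pscustomobject]@{ CAName = $caName; Configured = $configured; KeyHeldBy = $actual }
}

# Before installing: stop if the KSP is not registered on this server.
if (-not (Test-KspRegistered)) {
    throw "'$kspName' is not registered; install and configure the KSP first."
}

# After installation (skipped if the CA role is not present yet).
if (Get-Service -Name CertSvc -ErrorAction SilentlyContinue) {
    $result = Get-CaKeyProvider
    $result | Format-List
    if ($result.Configured -notlike "*$kspName" -or $result.KeyHeldBy -notlike "*$kspName") {
        Write-Warning "CA key is not held by '$kspName'; check the provider selected at install time."
    }
}
```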