Should CNG be used in a *ROOT* CA? What CSP, hash algorithm, and key length are appropriate?
Microsoft allows a CA to use Cryptography Next Generation (CNG) and advises of incompatibility issues for clients that do not support this suite. My intent is to have a general-purpose offline Root-CA and then several Intermediate CAs that serve a specific purpose (MSFT-only vs Unix vs SmartCards etc.). What are the ideal settings for a Root Certificate with an expiration of 5, 10, and 15 years?
- CSP
- Signing Certificate
- Key Character Length
Since this is a RootCA, do any of the parameters affect low-powered CPUs (mobile devices)? See a more complete version of this question (with images) at http://security.stackexchange.com/q/15532/396
May 31st, 2012 6:33pm

Hi,
> What are the ideal settings for a Root Certificate with an expiration of 5, 10, and 15 years?
As this is related to confidential information, please take more care of TechNet articles and related technical magazines. Hope this helps! Best regards, Elytis Cheng, TechNet Subscriber Support. If you are a TechNet Subscription user and have any feedback on our support quality, please send your feedback here. Elytis Cheng, TechNet Community Support
May 31st, 2012 10:57pm

As of my own experience, some devices (older OS, mobiles, smart cards) cannot operate/validate with RSA keys larger than 2048 bits. This is my recommendation for all certificates in the chain (root, intermediate, issued etc.).
A lot of applications and devices cannot use ECC algorithms. Do not use ECC if you want to be compatible anywhere in the chain.
Some older systems (including Windows Server 2003 without a non-public update; even TMG has been reported to have some problems in some instances) cannot validate SHA-2 signatures. If you want to be compatible, do not use SHA-2 anywhere in the whole chain, meaning the root as well.
Some applications cannot use CNG certificate storage (examples are the TLS client in Windows 7, TMG, SQL Server 2008 R2, System Center, etc.). So do not use Certificate Templates v3 (Windows Server 2008 type). ondrej.
June 1st, 2012 4:03am
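For the root-CA settings the question asks about, the following is an added example that is not part of the thread. It expresses Ondrej's compatibility-first recommendation, and the CNG/SHA-2 alternative, as parameter sets for Install-AdcsCertificationAuthority from the ADCSDeployment module (Windows Server 2012 and later). The CA name, directories, 10-year validity and provider strings are assumptions; check the provider names against certutil -csplist on the target host before running it.

```powershell
# Added example, not from the thread: the two configurations discussed above as
# Install-AdcsCertificationAuthority parameter sets (ADCSDeployment module, Server 2012+).
# Assumed: CA name, directories, a 10-year validity, and the provider names below (verify
# them with certutil -csplist; KSP names are written as "ALG#Provider name").

Import-Module ADCSDeployment

# Option A: what Ondrej recommends for maximum compatibility. A CSP (not a KSP) holds the
# key, so the legacy consumers listed in the thread can use it; RSA 2048 fits old devices
# and smart cards; SHA-1 signatures validate on Server 2003-era systems. The price is that
# current browsers and OSes reject SHA-1 signatures on intermediates and end-entity
# certificates (a root's self-signature is normally not checked).
$legacyRoot = @{
    CAType              = 'StandaloneRootCA'
    CACommonName        = 'Example Root CA'                          # assumed
    CryptoProviderName  = 'Microsoft Strong Cryptographic Provider'  # a CSP
    KeyLength           = 2048
    HashAlgorithmName   = 'SHA1'
    ValidityPeriod      = 'Years'
    ValidityPeriodUnits = 10
    DatabaseDirectory   = 'C:\CAData\DB'                             # assumed
    LogDirectory        = 'C:\CAData\Log'                            # assumed
}

# Option B: CNG key storage and SHA-256, for an environment without the legacy consumers.
# Same key length; only the provider and hash change. Ondrej's later point still applies:
# a KSP-stored key says nothing about which algorithms relying parties accept.
$cngRoot = $legacyRoot.Clone()
$cngRoot.CryptoProviderName = 'RSA#Microsoft Software Key Storage Provider'  # a KSP
$cngRoot.HashAlgorithmName  = 'SHA256'

# Dry run first; drop -WhatIf to install. Pick one: the root's provider, key length and
# hash are fixed at creation and changing them later means re-keying the root.
Install-AdcsCertificationAuthority @legacyRoot -WhatIf
# Install-AdcsCertificationAuthority @cngRoot -WhatIf
```

The key length is the same in both sets on purpose: per the post, 2048-bit RSA is the ceiling for the older devices and smart cards, and a larger root key also makes every chain validation on low-powered clients more expensive.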

Thank you Ondrej for your very thoughtful, concise, and accurate response! I've found supporting information for all your comments. I'm very interested in learning more about what does and doesn't support CNG cert storage. Do you have more information on this?
June 2nd, 2012 1:33am

Please understand first the term "CNG private key storage": if you enroll Certificate Template v3, the private key goes into the CNG private key storage on the client computer. If you enroll Certificate Template v2 or v1, the private key goes into CSP storage. The certificates will be visible to all applications in both cases, but not their private keys, so most applications will show the certificate as available but will not be able to sign or decrypt data with the associated private key unless they support CNG storage. You cannot distinguish between CNG and CSP storage by using the Certificate MMC. If you want to see what storage a particular certificate is using, you must use CERTUTIL -repairstore my * (or CERTUTIL -user -repairstore my *) and take a look at the Provider field. If it says "... Key Storage Provider", then it is CNG, while all other providers are CSP. If you create the initial certificate request manually (Create Custom Request in MMC), you can select between "CNG Storage" and "Legacy Key", where legacy means CSP.
The following is my experience-based list of what does not support CNG; you cannot find an authoritative list anywhere, so this arises from my investigations over time:
- EFS, Windows 2008/Vista-: user encryption certificates
- VPN/WiFi Client (EAP-TLS, PEAP Client), Windows 2008/7-: user or computer certificate authentication
- TMG 2010: server certificates on web listeners
- Outlook 2003: user email certificates for signatures or encryption
- Kerberos, Windows 2008/Vista-: DC certificates
- System Center Operations Manager 2007 R2
- System Center Configuration Manager 2007 R2
- SQL Server 2008 R2-
- Forefront Identity Manager 2010 Certificate Management
In the previous list, if I say that EFS is not supported on Windows 2008/Vista-, it means that systems newer than Vista/2008 (thus 7/R2) are the first systems that support CNG for the particular technology.
CNG is available only on Windows 2008/Vista and newer, but neither SCOM nor SCCM 2007 supports it regardless of the OS they are installed on. I haven't had time yet to check SQL 2012 or System Center 2012, so if anybody has any info... ondrej.
June 2nd, 2012 4:16am

one last clarification - CNG storage has nothing to do with the algorithms. If an application does support CNG storage, it does not tell anything about the application's support for newer algorithms. So the sole information about CNG storage support does not mean that the app supports ECC signatures etc. o.
June 2nd, 2012 4:19am
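The certutil check Ondrej describes (read the Provider field, treat "... Key Storage Provider" as CNG and everything else as CSP) wrapped in a function that parses certutil output and classifies each certificate, as an added example that is not part of the thread. The parsing and the provider-name rule are mine; the sample output is constructed, not captured from a real host; the regexes assume English-language certutil output, and the TPM key storage provider, whose name does not end in "Key Storage Provider", is special-cased so the rule does not misfile it.

```powershell
# Added example (not from the thread). Classifies certificates that carry a private key as
# CNG (Key Storage Provider) or legacy CSP by reading the "Provider =" line certutil prints
# for each certificate, which is the check Ondrej describes.
# Assumptions: English certutil output (field names are localized on other languages) and
# the provider-name rule in the comments below.

function Get-KeyStorageKind {
    param(
        # Lines of certutil -store / -repairstore output, one string per line.
        [Parameter(Mandatory)] [string[]] $CertutilLines
    )

    $results = @()
    $current = $null
    foreach ($line in $CertutilLines) {
        # Each certificate block starts with a banner like "================ Certificate 0 ================".
        if ($line -match '^=+\s*Certificate\s+(\d+)\s*=+') {
            if ($current) { $results += $current }
            $current = [pscustomobject]@{
                Index    = [int]$Matches[1]
                Subject  = $null
                Provider = $null
                Storage  = 'NoPrivateKey'   # stays this way if no Provider line appears
            }
            continue
        }
        if (-not $current) { continue }

        if ($line -match '^\s*Subject:\s*(.+)$') {
            $current.Subject = $Matches[1].Trim()
            continue
        }
        if ($line -match '^\s*Provider\s*=\s*(.+)$') {
            $current.Provider = $Matches[1].Trim()
            # Ondrej's rule: a name ending in "Key Storage Provider" is CNG, anything else is a CSP.
            # The TPM-backed KSP is named "Microsoft Platform Crypto Provider" and would otherwise
            # be misfiled as CSP, so it is special-cased here.
            $isKsp = ($current.Provider -match 'Key Storage Provider$') -or
                     ($current.Provider -eq 'Microsoft Platform Crypto Provider')
            $current.Storage = if ($isKsp) { 'CNG' } else { 'CSP' }
        }
    }
    if ($current) { $results += $current }
    return $results
}

# Constructed sample in the shape of certutil -store output; no real host was dumped for this.
$sample = @'
================ Certificate 0 ================
Serial Number: 1a2b3c4d
Issuer: CN=Example Issuing CA
Subject: CN=app01.example.test
  Key Container = te-WebServer-11111111-2222-3333-4444-555555555555
  Provider = Microsoft Software Key Storage Provider
Private key is NOT exportable
================ Certificate 1 ================
Serial Number: 5e6f7a8b
Issuer: CN=Example Issuing CA
Subject: CN=user1
  Key Container = 66666666-7777-8888-9999-000000000000
  Provider = Microsoft Enhanced Cryptographic Provider v1.0
Private key is NOT exportable
================ Certificate 2 ================
Serial Number: 9c0d1e2f
Issuer: CN=Example Root CA
Subject: CN=Example Root CA
'@ -split "`r?`n"

Get-KeyStorageKind -CertutilLines $sample | Format-Table Index, Subject, Storage, Provider -AutoSize

# Live run against the machine store. Ondrej's -repairstore also repairs the
# certificate-to-key association; -store prints the same Provider line read-only.
# Use "certutil -user -store my" for the current user's store.
Get-KeyStorageKind -CertutilLines (certutil -store my) |
    Where-Object Storage -ne 'NoPrivateKey' |
    Format-Table Index, Subject, Storage, Provider -AutoSize
```

On the constructed sample, certificate 0 classifies as CNG, certificate 1 as CSP, and certificate 2 (no Provider line) as having no private key in this store. As Ondrej's follow-up notes, the CNG/CSP answer says nothing about which algorithms the consuming application accepts; that is a separate check.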

Thanks for the info! Can MSFT put up a TechNet Wiki page with this information? Edit: or do we have the ability to?
June 2nd, 2012 7:00pm

I included this information on my summary notes at: http://security.stackexchange.com/q/15532/396
June 3rd, 2012 9:06pm

Hi, thanks. Would you be able to back-reference also my own blog post on the topic? I may do the same :-) http://www.sevecek.com/Lists/Posts/Post.aspx?ID=40 o.
June 4th, 2012 1:51am

Updated link :) Thanks!
June 4th, 2012 2:47pm
