Specifying a cryptographic service provider
To specify a cryptographic service provider by using the Windows interface
- To open the NAP Client Configuration console, click Start, click All Programs, click Accessories, click Run, type NAPCLCFG.MSC, and then click OK.
- Open Health Registration Settings, and click Request Policy.
- Right-click Cryptographic Service Provider, and then click Properties.
- In the Cryptographic Service Provider Properties dialog box, click Specific, and then click the cryptographic service provider you want to use.
Additional considerations
- To perform this procedure, you must be a
member of the Administrators group on the local computer, or you
must have been delegated the appropriate authority. If the computer
is joined to a domain, members of the Domain Admins group might be
able to perform this procedure. As a security best practice,
consider using Run as to perform this procedure.
- If you configure request policy settings on
your client computers, you must configure identical request policy
settings on your Health Registration Authority (HRA) servers. If
your HRA servers are not configured to use exactly the same
asymmetric key algorithm, hash key algorithm, and cryptographic
service provider as your client computers, then your HRA servers
will not be able to communicate with your client computers. Your
client computers might be determined to be noncompliant and their
network connectivity might be limited.
To specify a cryptographic service provider by using a command line
- To open a command prompt, click Start, click All Programs, click Accessories, and then click Command Prompt.
- Type the following to obtain a list of the cryptographic service providers that are supported on the client computer: netsh nap client show csps
- Type: netsh nap client set csp name = <name> keylength = <keylength>
The following table provides a guideline for the placeholder text in the Netsh command.
Placeholder | Possible Values | Description |
---|---|---|
<name> | Any supported cryptographic service provider. | The name of the cryptographic service provider you want to use to encrypt communication between a client computer and an HRA server. |
<keylength> | Any integer. (Optional) | Specifies the length of the asymmetric key. The default is 2048. |
Additional considerations
- To perform this procedure, you must be a
member of the Administrators group on the local computer, or you
must have been delegated the appropriate authority. If the computer
is joined to a domain, members of the Domain Admins group might be
able to perform this procedure. As a security best practice,
consider using Run as to perform this procedure.
- If you configure request policy settings on
your client computers, you must configure identical request policy
settings on your HRA servers. If your HRA servers are not
configured to use exactly the same asymmetric key algorithm, hash
key algorithm, and cryptographic service provider as your client
computers, then your HRA servers will not be able to communicate
with your client computers. Your client computers might be
determined to be noncompliant and their network connectivity might
be limited.
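
The command-line procedure above as a PowerShell script, added here as an example (it is not Microsoft's own code). It refuses a provider name that the client does not list before applying it, since a misspelled or unsupported name is one way for a client to end up out of step with its HRA servers. The `$CspName` default is an assumed sample value; substitute the provider and key length configured on your HRA servers.

```powershell
# Added example. Parameter defaults are assumptions for illustration:
# use the values configured on your HRA servers.
param(
    [string]$CspName   = 'Microsoft RSA SChannel Cryptographic Provider',  # assumed sample value
    [int]   $KeyLength = 2048                                              # default stated in the table above
)

# The procedure requires membership in the local Administrators group
# (or delegated authority), so stop early if the session is not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated prompt.'
}

# Step 2 of the procedure: list the providers the client supports.
$supported = netsh nap client show csps | Out-String

# Refuse a name that does not appear in the list. This is a plain,
# case-insensitive substring test: it catches typos and unsupported
# providers, but it does not prove the name is complete.
if ($supported.IndexOf($CspName, [StringComparison]::OrdinalIgnoreCase) -lt 0) {
    throw "CSP '$CspName' is not listed by 'netsh nap client show csps'."
}

# Step 3 of the procedure: apply the provider and asymmetric key length.
# PowerShell quotes $CspName for netsh because it contains spaces.
netsh nap client set csp name = $CspName keylength = $KeyLength

# Print the resulting client configuration so it can be compared with
# the request policy settings on the HRA servers.
netsh nap client show configuration
```

Running the same script with the same parameter values on every client keeps the provider and key length uniform; the HRA servers still have to be configured with matching settings separately.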