From e28d194facfe58f3eee7fda505478fa9366ba731 Mon Sep 17 00:00:00 2001 From: Nicole Rappe Date: Fri, 11 Jul 2025 18:28:01 -0600 Subject: [PATCH] Update Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services/Deployment.md --- .../Roles/Active Directory Certificate Services/Deployment.md | 1 + 1 file changed, 1 insertion(+) diff --git a/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services/Deployment.md b/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services/Deployment.md index 8197893..c3e91f3 100644 --- a/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services/Deployment.md +++ b/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services/Deployment.md @@ -40,6 +40,7 @@ This document outlines the Microsoft-recommended best practices for deploying a - Check the "**Root CA** radio box then click "**Next**" - Check the "**Create a new private key**" radio box then click "**Next**" - Click the dropdown menu for "**Select a crypotographic provider**" and ensure that "**RSA#Microsoft Software Key Storage Provider**" is selected + - *Microsoft Software Key Storage Provider (KSP) is the latest, most flexible provider designed to work with the Cryptography Next Generation (CNG) APIs. It offers better support for modern algorithms and improved security management (such as support for key attestation, better hardware integration, and improved key protection mechanisms).* - Set the key length to `4096` - Set the hash algorithm to `SHA256` - Click "**Next**"