SCOM Certificates and KSP

Andrew Perry 1 Reputation point
2024-06-14T15:58:29.8033333+00:00

Our AD Team has recently updated Certificate Templates to make use of KSP as per recommendations from Microsoft.

However, all our SCOM Gateway Cert renewals are failing, as it seems SCOM does not support KSP.

Does anyone know if Microsoft plan to fix this and if so, when?

Thanks

Andrew

Operations Manager

1 answer

  1. XinGuo-MSFT 15,781 Reputation points
    2024-06-17T09:43:37.45+00:00

    Hi,

    It appears that there is a known issue with SCOM (System Center Operations Manager) not supporting KSP (Key Storage Providers), which are recommended for use with newer ciphers like ECDSA P384. This is due to SCOM's reliance on the older CSP (Cryptographic Service Provider) that supports older ciphers (SHA-1, SHA-256, SHA-512) and the requirement for KeySpec to be set to 1, which is not compatible with KSP where KeySpec must be 0.

    As for the plans to address this issue, I found a Microsoft Learn article that clearly states that Cryptography API Key Storage Provider (KSP) is not supported for Operations Manager certificates. This suggests that there has been no update or change in the support for KSP in SCOM as of the latest information available in the article dated April 10, 2024.

    https://video2.skills-academy.com/en-us/system-center/scom/obtain-certificate-windows-server-and-operations-manager?view=sc-om-2022&tabs=Enterp%2CEnter

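To see which provider and KeySpec an issued gateway certificate actually ended up with, the text printed by `certutil -v -store My <thumbprint>` can be parsed as below. This is an added example, not part of the original thread and not Microsoft's code; the function name `Get-KeyProviderInfo` is hypothetical, the two sample outputs are constructed, and the thumbprint is a placeholder.

```powershell
# Added example. Reads the text printed by `certutil -v -store My <thumbprint>`
# and reports the key provider name and KeySpec of the certificate's private key.
function Get-KeyProviderInfo {
    param([Parameter(Mandatory)][string[]]$CertutilOutput)

    $provider = $null
    $keySpec  = $null
    foreach ($line in $CertutilOutput) {
        # "Provider = <name>"; a "ProviderType = ..." line does not match this pattern.
        if ($null -eq $provider -and $line -match '^\s*Provider\s*=\s*(.+?)\s*$') {
            $provider = $Matches[1]
        }
        # "KeySpec = 1 -- AT_KEYEXCHANGE": keep only the number.
        elseif ($null -eq $keySpec -and $line -match '^\s*KeySpec\s*=\s*(\d+)') {
            $keySpec = [int]$Matches[1]
        }
    }
    if ($null -eq $keySpec) {
        throw 'No KeySpec line found; is the private key present on this machine?'
    }
    [pscustomobject]@{
        Provider     = $provider
        KeySpec      = $keySpec
        # Per the answer above: SCOM needs KeySpec 1, KSP-backed keys have KeySpec 0.
        KeySpecIsOne = ($keySpec -eq 1)
    }
}

# Constructed sample output (not captured from a real system).
$cspSample = @'
  CERT_KEY_PROV_INFO_PROP_ID(2):
    Key Container = constructed-container-1
    Provider = Microsoft RSA SChannel Cryptographic Provider
    ProviderType = c
    KeySpec = 1 -- AT_KEYEXCHANGE
'@ -split "`r?`n"
$kspSample = @'
  CERT_KEY_PROV_INFO_PROP_ID(2):
    Key Container = constructed-container-2
    Provider = Microsoft Software Key Storage Provider
    ProviderType = 0
    KeySpec = 0 -- XCN_AT_NONE
'@ -split "`r?`n"

Get-KeyProviderInfo -CertutilOutput $cspSample
Get-KeyProviderInfo -CertutilOutput $kspSample

# Against a real certificate (thumbprint is a placeholder):
# Get-KeyProviderInfo -CertutilOutput (certutil -v -store My '<thumbprint>')
```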