I am trying to run the script GetAppConfigSettings.ps1 from the Microsoft docs help on setting up a Key Vault.
The script contains the following:
# **********************************************************************************************
# Prep the cert credential data
# **********************************************************************************************
$certificateName = "$applicationName" + "cert"
$myCertThumbprint = (New-SelfSignedCertificate -Type Custom -Subject "$certificateName" -KeyUsage DigitalSignature -KeyAlgorithm RSA -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -Provider "Microsoft Enhanced Cryptographic Provider v1.0" ).Thumbprint
$x509 = (Get-ChildItem -Path cert:\CurrentUser\My\$myCertthumbprint)
$password = Read-Host -Prompt "Please enter the certificate password." -AsSecureString
# Saving the self-signed cert and pfx (private key) in case it's needed later
Export-Certificate -cert $x509 -FilePath ".\$certificateName.cer"
Export-PfxCertificate -Cert $x509 -FilePath ".\$certificateName.pfx" -Password $password
Running the script (after setting the variables) produces the following error:
New-SelfSignedCertificate : CertEnroll::CX509Enrollment::_CreateRequest: Provider type not defined.
0x80090017 (-2146893801 NTE_PROV_TYPE_NOT_DEF)
At \\tsclient\E\EShared\Dev\Microsoft.Azure.KeyVault.Samples-2016.11.22
(1)\Microsoft.Azure.KeyVault.Samples\scripts\GetAppConfigSettings.ps1:38 char:22
+ ... umbprint = (New-SelfSignedCertificate -Type Custom -Subject "$certifi ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-SelfSignedCertificate], Exception
+ FullyQualifiedErrorId : System.Exception,Microsoft.CertificateServices.Commands.NewSelfSignedC
ertificateCommand
[Update]
Microsoft Support advised me to change the provider to "Microsoft Platform Crypto Provider".
However, I still get the error.
For PowerShell, $PSVersionTable reports 5.1.17134.112.
I have version 5.7.0 of AzureRM installed.
Microsoft support helped me out with this line:
$myCertThumbprint = (New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My `
    -subject MyCert -KeyExportPolicy Exportable -NotAfter (Get-Date).AddYears(10) `
    -Type CodeSigningCert -KeySpec Signature).Thumbprint
The AuthClientId and AuthCertThumbprint values I need for the HelloKeyVault app.config are created.
The AuthClientId displays in the portal as the Application ID and is visible in the Registered app settings.
To get to it, click Azure Active Directory -> App registrations, then click View all applications, click on the application, then Settings.
To see the Thumbprint, do the same and then click Keys.
I can see AuthClientId
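Added example (not part of the original answer or of Microsoft's script): the "Prep the cert credential data" section rewritten around the support-provided parameters, with checks that the private key exists and that the exported .cer carries the same thumbprint that goes into app.config. The value of $applicationName is a placeholder assumption, and using $certificateName as the subject (instead of MyCert) follows the original script.

```powershell
# Assumption: placeholder application name; use the value set earlier in the script.
$applicationName = "HelloKeyVault"
$certificateName = "$applicationName" + "cert"

# Create the certificate with the parameters from the support-provided line.
# The private key is marked exportable and the certificate is valid for 10 years,
# so the .pfx written below must be stored as a secret.
$cert = New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My `
    -Subject $certificateName -KeyExportPolicy Exportable `
    -NotAfter (Get-Date).AddYears(10) `
    -Type CodeSigningCert -KeySpec Signature
$myCertThumbprint = $cert.Thumbprint

# Re-read the certificate from the store and confirm the private key is present
# before exporting anything.
$x509 = Get-Item -Path "Cert:\CurrentUser\My\$myCertThumbprint"
if (-not $x509.HasPrivateKey) {
    throw "Certificate $myCertThumbprint has no private key; the PFX export would fail."
}

# Save the public certificate and the password-protected PFX, as the original script does.
$password = Read-Host -Prompt "Please enter the certificate password." -AsSecureString
Export-Certificate -Cert $x509 -FilePath ".\$certificateName.cer" | Out-Null
Export-PfxCertificate -Cert $x509 -FilePath ".\$certificateName.pfx" -Password $password | Out-Null

# Load the exported .cer back and confirm it matches the thumbprint used for
# AuthCertThumbprint.
$cerPath = (Resolve-Path ".\$certificateName.cer").Path
$exported = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cerPath
if ($exported.Thumbprint -ne $myCertThumbprint) {
    throw "Exported certificate thumbprint does not match the store certificate."
}

# Summary of the values to check against the portal and app.config.
[pscustomobject]@{
    Subject            = $x509.Subject
    AuthCertThumbprint = $myCertThumbprint
    NotAfter           = $x509.NotAfter
    HasPrivateKey      = $x509.HasPrivateKey
}
```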
Please use this sample to learn how to use Key Vault with DotNet and authenticate to Azure Active Directory with a Service Principal's Certificate https://github.com/Azure-Samples/key-vault-dotnet-quickstart