Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Some article numbers may have changed. If this isn't what you're looking for, try searching all articles. Search articles

Article Number: 000124734

Fix Invalid Provider Type Specified in Dell Security Management

Summary: Resolve error Invalid provider type specified when attempting to install the Dell Security Management Server software or importing a new certificate in the Server Configuration Tool.

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content

Symptoms

Affected Products:

  • Dell Security Management Server
  • Dell Data Protection | Enterprise Edition

Affected Versions:

  • v10.2.11 and Earlier

Cause

Dell Security Management Server versions 10.2.11 and earlier does not implement the Cryptography API: Next Generation (CNG). Because of this, these versions of Dell Encryption cannot import or use private keys that are stored using the Microsoft Key Storage Provider.

Resolution

The private key must be switched from the Microsoft Key Storage Provider to a Legacy Cryptographic Service Provider.

Validate the certificate provider type using certutil.

Example command: certutil -store my

Certutil -store my
Figure 1: (English Only) Certutil -store my

This problem occurs if the provider is a Microsoft Software Key Storage Provider.

Export the certificate and private key in a PKCS#12 (PFX) format using the Certificates snap-in in the Microsoft Management Console (MMC). The PFX should be exported with Include all certificates in the certification path if possible and Export all extended properties checked.

OpenSSL contains a method to alter the Cryptographic Service Provider. A copy of OpenSSL is included with the Dell Data Protection | Enterprise Server installation beginning with v7.2. The binaries are in <INSTALL_PATH>\Dell\Enterprise Edition\OpenSSL\bin.

Change the directory to the directory containing the OpenSSL binaries.

Example command: cd C:\Program Files\Dell\Enterprise Edition\OpenSSL\bin

Use OpenSSL to convert the PFX to PEM format.

Example command: openssl pkcs12 -in C:\Temp\KSP-pfx.pfx -out C:\Temp\OpenSSL-pem.pem

pkcs12 -in C:\Temp\KSP-pfx.pfx -out C:\Temp\OpenSSL-pem.pem
Figure 2: (English Only) openssl pkcs12 -in C:\Temp\KSP-pfx.pfx -out C:\Temp\OpenSSL-pem.pem

Provide the full path to the previously exported PFX to the -in parameter. Provide a full path to a new file for the PEM output to the "-out" parameter. OpenSSL creates the file that is specified in the "-out" parameter.

When prompted for Enter Import Password: Use the password for the PFX specified during export.

When prompted for Enter PEM pass phrase: And Verifying - Enter PEM pass phrase: Enter either the same password as the PFX export password or a new password for use in the next step.

Use OpenSSL to convert the new PEM back to the PFX format with a different CSP specified.

Example command: openssl pkcs12 -export -in C:\Temp\OpenSSL-pem.pem -out C:\Temp\CSP-pfx.pfx -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider"

openssl pkcs12 -export -in C:\Temp\OpenSSL-pem.pem -out C:\Temp\CSP-pfx.pfx -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider"
Figure 3: (English Only) openssl pkcs12 -export -in C:\Temp\OpenSSL-pem.pem -out C:\Temp\CSP-pfx.pfx -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider"

Provide the full path to the previously create PEM to the "-in" parameter. Provide a full path to a new file for the PFX output to the "-out" parameter. OpenSSL creates the file that is specified in the "-out" parameter. The -CSP parameter accepts a name of a Microsoft Cryptographic Service Provider that is associated with the CryptoAPI (https://msdn.microsoft.com/en-us/library/windows/desktop/bb931357(v=vs.85).aspx) This hyperlink is taking you to a website outside of Dell Technologies..

Note:
  • The CSP portion of the -CSP parameter is case-sensitive. Using lowercase -csp causes the command to fail.
  • The Microsoft Enhanced RSA and AES Cryptographic Provider is a suggestion and not the only CSP available for use.

When prompted for "Enter pass phrase for <PEM_FILE>:" Use the password for the PEM specified during the PEM generation step.

When prompted for the Enter Export Password: and Verifying - Enter Export Password: enter either the same password as the original PFX export password or a new password for use with the resulting PFX file.

Delete the previous certificate from the Local Computer’s Personal store using the Certificates snap-in in the Microsoft Management Console (MMC).

Import the PFX generated with OpenSSL to the Local Computer’s Personal store using the Certificates snap-in in the Microsoft Management Console (MMC). The PFX should be imported with Mark this key as exportable. And Include all extended properties.

Validate the certificate provider type using certutil.

Example command: certutil -store my

certutil -store my
Figure 4: (English Only) certutil -store my

Use the Configure Certificates…, Import DM Certificate…, and Import Identity Certificate… menu options in the Server Configuration Tool to associate the new certificate to the Dell Core Server and import the new PFX to the DDP database.

Note: If an error occurs stating Keyset does not exist, export a new PFX from the Microsoft Management Console (MMC) after importing the version output by OpenSSL.

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Article Properties

Affected Product

Dell Encryption

Last Published Date

17 Jun 2024

Version

12

Article Type

Solution

Back to Top