I got a request from a customer to install ADCS using ECDSA while using a specific ECC curve for the keys (bp384r1). This curve is not listed in the ADCS installation process when creating a new key and choosing the CSP (only the NIST ECDSA_P384 is there).
I am able to create a leaf certificate by specifying the key algorithm and CSP as 'ECDSA_brainpoolP384r1,Microsoft Software Key Storage Provider'. However, this is not displayed in the ADCS installation GUI.
I also tried adding these lines to capolicy.inf before installing the CA but with no success...:
[NewRequest]
KeyAlgorithm=ECDSA_brainpoolP384r1
ProviderName="Microsoft Software Key Storage Provider"
Is there a way to limit the KSP key algorithm to a specific list, or to change the default ECC curves chosen? Or tell ADCS to use the specific Key Algorithm I want?
Would appreciate any help with this - Thanks!
Unfortunately, Microsoft ADCS limits its supported keys to common NIST curves and doesn't allow the use of Brainpool curves. If you manage to supply a certificate with a non-supported curve, the installer won't accept it. And there is no workaround I could think of that would work.
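
Since the thread turns on NIST P-384 versus brainpoolP384r1, one way to confirm which curve a key actually carries is to decode the named-curve OID in its DER AlgorithmIdentifier. This is an added example, not part of the original posts; the function names are illustrative and the sample bytes are hand-constructed.

```python
# Added example: name the curve in an EC key's DER AlgorithmIdentifier.
ID_EC_PUBLIC_KEY = "1.2.840.10045.2.1"
CURVES = {
    "1.3.132.0.34": "NIST P-384 (secp384r1)",
    "1.3.36.3.3.2.8.1.1.11": "brainpoolP384r1",
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """Decode OBJECT IDENTIFIER content bytes to dotted notation."""
    if not value or value[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, acc = [], 0
    for b in value:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(acc)
            acc = 0
    first = arcs[0]  # the first two arcs are packed as 40*x + y
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(map(str, head + arcs[1:]))

def curve_of(alg_id_der):
    """Name the curve in an AlgorithmIdentifier, or say why it cannot."""
    tag, body, _ = read_tlv(alg_id_der, 0)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier must be a SEQUENCE")
    tag, alg, pos = read_tlv(body, 0)
    if tag != 0x06 or decode_oid(alg) != ID_EC_PUBLIC_KEY:
        return "not an EC key"
    tag, params, _ = read_tlv(body, pos)
    if tag != 0x06:
        return "explicit curve parameters, no named-curve OID"
    oid = decode_oid(params)
    return CURVES.get(oid, "unlisted curve " + oid)

# Constructed sample AlgorithmIdentifiers (hand-built DER, not from a real CA).
P384 = bytes.fromhex("301006072a8648ce3d020106052b81040022")
BP384 = bytes.fromhex("301406072a8648ce3d020106092b240303020801010b")
```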