Configure HRA Cryptographic Policy

  • Article

Applies To: Windows Server 2008, Windows Server 2012

Use this procedure to configure cryptographic policy in Health Registration Authority (HRA). You can configure cryptographic policy by specifying supported asymmetric algorithms, hash algorithms, and cryptographic service providers (CSPs).

Membership in Domain Admins, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at https://go.microsoft.com/fwlink/?LinkId=83477.

To configure cryptographic policy using the Windows interface

  1. Open the HRA console.

  2. In the console tree, double-click Request Policy, and then click Cryptographic Policy. Asymmetric Keys Algorithms, Hash Keys Algorithms, and Cryptographic Service Providers are displayed in the details pane.

  3. To specify asymmetric key algorithms, right-click Asymmetric Keys Algorithms, and select Properties. The default selectionis Any algorithm. To configure a specific asymmetric algorithm, select Specific algorithms, and then select the check box next to the desired algorithms in the list. To edit the minimum and maximum key length for an algorithm, select the name of the algorithm from the list, and then click Edit. Enter the desired minimum and maximum key lengths, and then click OK. When you are finished selecting algorithms, click OK.

  4. To specify hash key algorithms, right-click Hash Keys Algorithms, and select Properties. The default selectionis Any algorithm. To configure specific algorithms, select Specific algorithms, select the check box next to the desired algorithms in the list, and then click OK.

  5. To specify cryptographic service providers, right-click Cryptographic Service Providers, and select Properties. The default selection is Any provider. To configure specific providers, select Specific provider, select the check box next to the desired providers in the list, and then click OK.

Additional considerations

  • If you configure request policy settings on your HRA servers, you must configure identical request policy settings on your client computers. If your HRA servers are not configured to use exactly the same asymmetric key algorithm, hash key algorithm, and cryptographic service provider as your client computers, then your client computers will not be able to communicate with your HRA servers. Your client computers could be deemed noncompliant, which will result in limited network access.

See Also

Concepts

Understanding HRA Request Policy