Use this procedure to configure cryptographic policy in Health Registration Authority (HRA). You can configure cryptographic policy by specifying supported asymmetric algorithms, hash algorithms, and cryptographic service providers (CSPs).

Membership in Domain Admins, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at https://go.microsoft.com/fwlink/?LinkId=83477.

To configure cryptographic policy using the Windows interface
  1. Open the HRA console.

  2. In the console tree, double-click Request Policy, and then click Cryptographic Policy. Asymmetric Keys Algorithms, Hash Keys Algorithms, and Cryptographic Service Providers are displayed in the details pane.

  3. To specify asymmetric key algorithms, right-click Asymmetric Keys Algorithms, and select Properties. The default selection is Any algorithm.

    • To configure a specific asymmetric algorithm, select Specific algorithms, and then select the check box next to the desired algorithm in the list.

    • To edit the minimum and maximum key length for an algorithm, select the name of the algorithm from the list, and then click Edit. Enter the desired minimum and maximum key lengths, and then click OK.

    When you are finished selecting algorithms, click OK.

  4. To specify hash key algorithms, right-click Hash Keys Algorithms, and select Properties. The default selection is Any algorithm. To configure specific algorithms, select Specific algorithms, select the check box next to the desired algorithm in the list, and then click OK.

  5. To specify cryptographic service providers, right-click Cryptographic Service Providers, and select Properties. The default selection is Any provider. To configure specific providers, select Specific provider, select the check box next to the desired provider in the list, and then click OK.

Additional considerations

  • If you configure request policy settings on your HRA servers, you must configure identical request policy settings on your client computers. If your HRA servers are not configured to use exactly the same asymmetric key algorithm, hash key algorithm, and cryptographic service provider as your client computers, then your client computers will not be able to communicate with your HRA servers. Your client computers could be deemed noncompliant, which will result in limited network access.

Additional references