I have a Network Device Enrollment Service running on a MS Windows Server 2016 machine. I want to use it for certificate signing requests with SCEP. However, when I query the capabilities of the server it returns that 3DES is the strongest cipher algorithm that it supports. The client library is expecting to use AES.
I've tried multiple things to configure the server to support AES, including changing some registry settings:
[HLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\<Your CA Common Name>\EncryptionCSP]
EncryptionAlgorithm (0x6603 -> 0x6610)
CNGEncryptionAlgorithm (3DES -> AES)
But that didn't seem to have any effect. Can anyone shed light on what I'm missing?