Yes. The Pega Robotic Automation Security Token Service does not support CNG (Cryptography Next Generation) certificates.
There are two ways to determine if a certificate is a CNG certificate:
- Do a p/invoke of CertGetCertificateContextProperty, and inspect dwProvType on the returned CertGetCertificateContextProperty.
- Use the certutil command from the command line to query the certificates.
If the ProviderType (rgProvParam) and KeySpec (dwKeySpec) are zero (0), it is a CNG private key. Here is the format of the command that you would use to list the certificate properties:
certutil -v -store [StoreName]
For example, use the following command:
certutil -v -store my