Nitrokey HSM with ADCS


#1

I was wondering if anybody has used Nitrokey HSM with Active Directory Certificate Services (ADCS). I am trying to install a Standalone Root CA on Windows Server 2016 using the HSM. I have installed the OpenSC software and initialized the HSM.

When I go through the ADCS Certificate Authority installation, I am able to select OpenSC CSP as the cryptographic provider for the new key. After the final step, I get prompted for the PIN, and then the install fails with the message:

An error occurred when creating the new key container “XXX CA”. You do not have write access permission to the key container. Please use a different CA name.
Object already exists. 0x8009000f (-2146893809): Object already exists. 0x8009000f (-2146893809 NTE_EXISTS)

It is very similar to this error


I do have the AllowAdministratorInteraction option set, which appears to be the new name of the needed setting in Windows Server 2016.
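For anyone reproducing this, the same install done from PowerShell rather than the wizard, with a check of what key containers the CSP already exposes before the CA is created. This is an added example and not part of the original post or of Nitrokey's or OpenSC's own documentation; the provider name "OpenSC CSP" and the CA name "XXX CA" are taken from the post, the path to opensc-pkcs11.dll is an assumed default install location, and the parameter names are the documented ones for Install-AdcsCertificationAuthority (confirm with Get-Help on your box before running):

```powershell
# Added example (not from the original post). Assumed values are marked below.
$CspName = 'OpenSC CSP'                                   # provider name as shown in the post
$CaName  = 'XXX CA'                                       # placeholder CA name from the post's error text
$Pkcs11  = 'C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll'  # assumed OpenSC install path

# 1. List the key containers the CSP already knows about. NTE_EXISTS (0x8009000f)
#    means a container with the CA name is already present, so look for $CaName here.
certutil -csp "$CspName" -key

# 2. Cross-check from the PKCS#11 side with OpenSC's own tool, so a leftover key
#    object on the token from an earlier failed attempt is visible too.
& 'pkcs11-tool' --module $Pkcs11 --login --list-objects

# 3. Install the standalone root CA, naming the provider explicitly and allowing the
#    interactive PIN prompt. -Force suppresses the confirmation dialog only.
Install-AdcsCertificationAuthority `
    -CAType StandaloneRootCA `
    -CACommonName $CaName `
    -CryptoProviderName $CspName `
    -HashAlgorithmName SHA256 `
    -KeyLength 2048 `
    -AllowAdministratorInteraction `
    -Force
```

If step 1 already shows a container named after the CA, the cmdlet also accepts -KeyContainerName to reuse that existing key instead of creating a new one, which is the scripted equivalent of the wizard's "use existing private key" path; whether that key is the one you want is something to verify on the token first, not assume.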