Fixing "Invalid algorithm specified" error while calling "SignData" with "2" arguments in PowerShell during JEA Discovery

Issue

When setting up the ServiceNow JEAv2 profile, you must set up a code signing certificate so the MID Server can sign the scripts it needs to execute on Windows targets. You may choose to use your own public key infrastructure to generate this certificate, but a specific Microsoft Cryptographic Service Provider (CSP), "Microsoft Enhanced RSA and AES Cryptographic Provider", needs to be specified for the certificate to be able to generate the signatures necessary for JEA code signing.

If an incompatible CSP is provided in the certificate and you attempt to run discovery using JEA, you will get an error in the MID Server logs when you have debug logging enabled:

    stdout DEBUG: STDOUT aeea6bb8-629c-4b67-8326-6a43e25f73be: -----START OF STDOUT-----
    stderr DEBUG: STDERR aeea6bb8-629c-4b67-8326-6a43e25f73be: Exception calling "SignData" with "2" argument(s): "Invalid algorithm specified.
    stderr DEBUG: STDERR aeea6bb8-629c-4b67-8326-6a43e25f73be: "
    stderr DEBUG: STDERR aeea6bb8-629c-4b67-8326-6a43e25f73be: At E:\ServiceNow\ServiceNow MID Server\agent\scripts\Powershell\WinRMAPI\JEAUtils\JEAUtils.psm1:54 char:9
    stderr DEBUG: STDERR aeea6bb8-629c-4b67-8326-6a43e25f73be: + $sign_data = $global:SNC_jea_disco_cert.PrivateKey.SignData($ ...
    stderr DEBUG: STDERR aeea6bb8-629c-4b67-8326-6a43e25f73be: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    stderr DEBUG: STDERR aeea6bb8-629c-4b67-8326-6a43e25f73be: + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    stderr DEBUG: STDERR aeea6bb8-629c-4b67-8326-6a43e25f73be: + FullyQualifiedErrorId : CryptographicException

Release

All releases

Cause

This is due to an incorrect CSP being provided. You can check the current CSP of the .pfx file by using the CertUtil utility on Windows:

    certutil -p [password] -dump .\wrong_csp.pfx

    Certificates: Not Encrypted
    ================ Certificate 0 ================
    ================ Begin Nesting Level 1 ================
    Element 0:
    Serial Number: 1a4c3c0367e98b8a4f4d93d5ce522e5f
    Issuer: CN=jea-disco@servicenow.com
    NotBefore: 12/5/2022 4:14 PM
    NotAfter: 12/5/2027 4:24 PM
    Subject: CN=jea-disco@servicenow.com
    Signature matches Public Key
    Root Certificate: Subject matches Issuer
    Cert Hash(sha1): 1a2805106e0e04ff286a5979b93381733e92879a
    ---------------- End Nesting Level 1 ----------------
    Provider = Microsoft Software Key Storage Provider
    Private key is NOT plain text exportable
    Encryption test passed
    CertUtil: -dump command completed successfully.

In this example, the CSP is incorrectly configured as "Microsoft Software Key Storage Provider". Follow the resolution to change this CSP without affecting the public and private key of the certificate.

Resolution

To change the CSP on the certificate to Microsoft Enhanced RSA and AES Cryptographic Provider, follow these steps. You must have the certificate in a .pfx file, as well as the password for the certificate, to complete them.

1. Dump the certificate by using the command below. Make note of the serial number that is printed in the output; you will need it for a later step.

    certutil -p [password] -dump cert_file.pfx

2. Import the certificate and specify the correct CSP by running the command:

    certutil -p [password] -csp "Microsoft Enhanced RSA and AES Cryptographic Provider" -importPFX .\cert_file.pfx

3. Now that the certificate is in the Windows cert store with the correct CSP, export the certificate by running the command below. You should have the serial number of the certificate from step 1.

    certutil -p [password] -exportPFX [serial_number] new_cert.pfx NoChain,ExtendedProperties

4. Dump the new certificate to confirm that it is showing the correct CSP:

    certutil -p [password] -dump new_cert.pfx

5. You can then delete the certificate from your keystore by running the command below. You do not have to do this if you converted the certificate on the MID Server host, as the host machine needs the .pfx certificate installed to sign scripts.

    certutil -delStore My [serial_number]

Related Links

JEA, JEAv2, Discovery, SignData, Invalid algorithm specified