Active Directory Certificate Services (AD CS) supports Module-Lattice-Based Digital Signature Algorithm (ML-DSA), a National Institute of Standards and Technology (NIST)-standardized post-quantum digital signature algorithm designed to resist quantum computing attacks. ML-DSA is a signature-only algorithm and doesn't support encryption or key exchange. You can configure certification authorities (CAs), certificate templates, and Online Responders (OCSP) to use ML-DSA for signing operations.
Supported ML-DSA parameter sets
AD CS supports all three ML-DSA parameter sets, and only in pure mode (the plain ML-DSA variant, not the pre-hash HashML-DSA variant).
| Parameter set | Public key | Private key | Signature | NIST security level |
|---|---|---|---|---|
| ML-DSA-44 | 1,312 bytes | 2,560 bytes | 2,420 bytes | Level 2 |
| ML-DSA-65 | 1,952 bytes | 4,032 bytes | 3,309 bytes | Level 3 |
| ML-DSA-87 | 2,592 bytes | 4,896 bytes | 4,627 bytes | Level 5 |
Higher parameter sets provide larger security margins but produce larger keys and signatures. Choose the parameter set that matches your security requirements and bandwidth constraints.
Supported ML-DSA scenarios
AD CS supports ML-DSA across the certificate lifecycle—CA hierarchy setup, leaf certificate issuance, and OCSP response signing. Each scenario links to the corresponding configuration guide.
CA hierarchy
AD CS supports ML-DSA as the signature algorithm for Root, Subordinate, Enterprise, and Standalone CAs. Full post-quantum protection requires ML-DSA signatures across the entire certificate chain. For more information, see Configure a certification authority to use ML-DSA.
Code signing
Configure certificate templates on CAs to issue ML-DSA code signing certificates. For more information, see Configure certificate templates for ML-DSA.
TLS and authentication
Configure Web Server, User, and Computer templates to issue ML-DSA certificates that authenticate servers and clients by using post-quantum signatures. For more information, see Configure certificate templates for ML-DSA.
OCSP response signing
Configure Online Responders with ML-DSA OCSP response signing certificates. For more information, see Configure Online Responders (OCSP) to use ML-DSA.
Note
You can enroll ML-DSA certificates through the Certificates Microsoft Management Console (MMC) snap-in and certreq.exe. Enrollment through the Network Device Enrollment Service (NDES) isn't currently available.
Platform requirements
ML-DSA support requires minimum OS versions for both CA servers and clients.
| Component | Minimum version |
|---|---|
| AD CS servers | Windows Server 2025 with the 2026-05 Security update (KB5087539) or later installed. |
| Client | Windows 11, version 24H2 and version 25H2 with the 2025-10 non-security update (KB5067036) or later installed. |
Important
ML-DSA CAs must be newly installed; ML-DSA doesn't support in-place migration of existing CAs. Build a new CA hierarchy in parallel with your existing hierarchy to evaluate and test post-quantum certificate issuance without disrupting current operations.
Certificate template requirements
All ML-DSA leaf certificate templates - code signing, TLS, user/computer, and OCSP response signing - must meet the following requirements. For configuration steps, see Configure certificate templates for ML-DSA.
| Setting | Requirement |
|---|---|
| Cryptographic provider | Cryptography Next Generation (CNG) Key Storage Provider. Legacy Cryptographic Service Providers (CSPs) aren't supported. |
| Compatibility settings | Set both Certification Authority and Certificate Recipient to Windows Server 2008 or later so that CNG providers appear in the provider list. |
| Request handling - Purpose | Set to Signature. ML-DSA doesn't support encryption. |
| Application Policies (EKU) | Must not include Encrypting File System or Secure E-mail. |
| Key Usage | Must not include Key Encipherment or Key Agreement. |
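The requirements in the table are template settings, but the issued certificates are what relying parties see, so it is worth auditing a store after the first enrollments. The following PowerShell script is an added example, not code from this page or from Microsoft; it checks each certificate in a store against the signature-only constraints above (ML-DSA signature and subject key, no Key Encipherment or Key Agreement, no EFS or Secure E-mail EKU). It assumes the NIST CSOR object identifiers for ML-DSA-44/65/87 (2.16.840.1.101.3.4.3.17, .18 and .19), the standard EKU OIDs for Encrypting File System and Secure E-mail, and that the certificates to audit live in `Cert:\LocalMachine\My`; the function name `Test-MlDsaCertificateCompliance` is the example's own. The cryptographic-provider requirement (CNG KSP rather than a legacy CSP) is not visible in the public certificate and is not checked here.

```powershell
# Added example (not from the Microsoft docs page): audits issued certificates in a
# Windows certificate store against the ML-DSA template requirements.
# Assumptions: ML-DSA OIDs are the NIST CSOR values 2.16.840.1.101.3.4.3.17/18/19
# (ML-DSA-44/65/87); EFS and Secure E-mail are identified by their standard EKU OIDs.
using namespace System.Security.Cryptography.X509Certificates

# NIST OIDs for the three ML-DSA parameter sets (id-ml-dsa-44/65/87).
$MlDsaOids = @{
    '2.16.840.1.101.3.4.3.17' = 'ML-DSA-44'
    '2.16.840.1.101.3.4.3.18' = 'ML-DSA-65'
    '2.16.840.1.101.3.4.3.19' = 'ML-DSA-87'
}

# EKUs a signature-only ML-DSA template must not carry, because they imply encryption.
$ForbiddenEkus = @{
    '1.3.6.1.4.1.311.10.3.4' = 'Encrypting File System'
    '1.3.6.1.5.5.7.3.4'      = 'Secure E-mail'
}

function Test-MlDsaCertificateCompliance {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [X509Certificate2] $Certificate
    )
    process {
        $issues = [System.Collections.Generic.List[string]]::new()

        # 1. The certificate must be signed with an ML-DSA parameter set; a classical
        #    signature anywhere in the chain removes the post-quantum guarantee.
        $sigOid  = $Certificate.SignatureAlgorithm.Value
        $sigName = if ($sigOid -and $MlDsaOids.ContainsKey($sigOid)) { $MlDsaOids[$sigOid] } else { $null }
        if (-not $sigName) {
            $issues.Add("Signature algorithm $sigOid is not ML-DSA")
        }

        # 2. The subject's own key should also be ML-DSA, otherwise the leaf's
        #    signatures are still classical even under an ML-DSA CA.
        $keyOid = $Certificate.PublicKey.Oid.Value
        if (-not ($keyOid -and $MlDsaOids.ContainsKey($keyOid))) {
            $issues.Add("Public key algorithm $keyOid is not ML-DSA")
        }

        # 3. Key Usage must not assert Key Encipherment or Key Agreement.
        $ku = $Certificate.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
        if ($ku) {
            if ($ku.KeyUsages.HasFlag([X509KeyUsageFlags]::KeyEncipherment)) {
                $issues.Add('Key Usage includes Key Encipherment')
            }
            if ($ku.KeyUsages.HasFlag([X509KeyUsageFlags]::KeyAgreement)) {
                $issues.Add('Key Usage includes Key Agreement')
            }
        }

        # 4. Application Policies (EKU) must not include EFS or Secure E-mail.
        $eku = $Certificate.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
        if ($eku) {
            foreach ($oid in $eku.EnhancedKeyUsages) {
                if ($ForbiddenEkus.ContainsKey($oid.Value)) {
                    $issues.Add("EKU includes $($ForbiddenEkus[$oid.Value])")
                }
            }
        }

        [pscustomobject]@{
            Subject      = $Certificate.Subject
            Thumbprint   = $Certificate.Thumbprint
            ParameterSet = if ($sigName) { $sigName } else { 'n/a' }
            Compliant    = ($issues.Count -eq 0)
            Issues       = ($issues -join '; ')
        }
    }
}

# Usage: audit the local machine's personal store and list only the certificates
# that violate a requirement. Change the path to audit a different store.
Get-ChildItem -Path Cert:\LocalMachine\My |
    Test-MlDsaCertificateCompliance |
    Where-Object { -not $_.Compliant } |
    Format-Table Subject, ParameterSet, Issues -AutoSize
```

Because `Test-MlDsaCertificateCompliance` accepts pipeline input and returns objects, the same function can be pointed at a single exported certificate (`Get-PfxCertificate` or `[X509Certificate2]::new($path)`) or filtered further, for example to flag every certificate whose issuer is the new ML-DSA CA but whose own key is still classical.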
Note
Not all third-party applications, devices, or services recognize ML-DSA certificates. Validate compatibility in a test environment before deploying to production.