Error "CryptographicException: Invalid provider type specified."

I created the self-sign certificate using PowerShell something like below New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "stage-federation-2020.sp.test.com" -FriendlyName "stage-federation-2020.sp.test.com" -NotAfter (Get-Date).AddYears(5) -KeyAlgorithm RSA -KeyLength 2048 -Subject "CN=stage-federation-2020.sp.test.com,OU=Servers,O=ABC Inc.,L=CityName,S=StateNamehere,C=CountryNameHere" from MMC console, I exported as xxx.cer and xxx.pfx. I did below and getting an error while signing the certificate // Sign the authentication request. X509Certificate2 spCert = new X509Certificate2(SamlServiceProvidersPath spCertificateToUseForIdp.PrivateKeyFileName, spCertificateToUseForIdp.PrivateKeyPassword, X509KeyStorageFlags.MachineKeySet); authnRequest.Sign(spCert); What found out that xxx.pfx contains a key which is valid for new cert x509.v3 not for x509.v2 we generally use. Questions: 1. How can you sign the request with this type of certificate? If not, why? 2. what is the workaround to create self-signed certificates which work here.

We use .NET methods to sign the certificates. I would recommend using the V2 one instead.