CryptographicException: Invalid provider type specified (4373356)

After the installation or the certificate's update in the AppServer, all the HTML5 applications fails the logon with the error: System.Security.Cryptography.CryptographicException: Invalid provider type specified.

The error started occurring frequently after the Windows 10 Anniversary Update.

OR

The certificate was created using the new CNG (Crypto-Next Generation) API instead of the classic crypto CAPI. Identity Manager currently only supports certificates generated by the CAPI.

WORKAROUND 1

Give the account running the application pool permissions to the private key of the certificate. 

1. Open the Certificate Snap-In in an MMC window
2. Locate the new Application Server certificate
3. Right click, select "Tasks" | "Manage Private Keys"
4. Click the Locations button and select the Computer name where the site runs
5. In the textbox Enter the object names to select type in "IIS AppPool\" followed by the name of the application pool being used for this site, for example "IIS AppPool\<applicationpoolname>"
6. Select OK and then assign permissions Read & execute and modify for user "<applicationpoolname>" (this is the name of the application pool).

WORKAROUND 2

Change the permissions for the users on the web application's parent folder (by default C:\inetpub\wwwroot) and apply the changes.

1. Proceed to revoke/roll-back the changes and apply again.

WORKAROUND 3

Recreate the certificate using the classic crypto CAPI.