OpenSSL Server 2012 – Verifying – Enter Export Password

I believe this only affects Server 2012, but I’m documenting it here so I can look it up later.

I use OpenSSL to create CSRs and merge my private key with my new certificate from DigiCert; this way I can reformat, keep a copy of everything separately and use it easily elsewhere.

I usually merge my new certificate from DigiCert and my private key with this common command:

OpenSSL.exe pkcs12 -export -in certfile.cer -inkey certfile.key -out certfile.pfx

And twice now I’ve been getting errors when importing it to Server 2012 servers, where it tells me the import password is incorrect, even if I don’t use a password.

I got around it by using another non-2012 server with user security rather than password security, which works IF the site has other non-2012 servers.

I’ve found this article https://serverfault.com/questions/1097326/windows-certificate-import-not-accepting-private-key-password#:~:text=I%20finally%20found,import%20worked%20fine.

Apparently, Windows doesn’t like the default OpenSSL encryption. Instead, merge the certs with this command:

openssl pkcs12 -export -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -nomac -in certfile.cer -inkey certfile.key -out certfile.pfx

Windows will be much happier. I’m sure this is very useful for all the Windows 2012 servers still out there.
