{"id":5818,"date":"2022-07-07T08:11:50","date_gmt":"2022-07-07T08:11:50","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=5818"},"modified":"2022-07-07T08:14:45","modified_gmt":"2022-07-07T08:14:45","slug":"openssl-server-2012-verifying-enter-export-password","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/openssl-server-2012-verifying-enter-export-password","title":{"rendered":"OpenSSL Server 2012 – Verifying – Enter Export Password"},"content":{"rendered":"

I believe this only affects server 2012 but I\u2019m documenting in here so I can look it up later.<\/p>

I use Openssl to create CSRs and merge my private key to my new certificate from digicert, this way I can reformat, keep a copy of everything separately and use it easily elsewhere.\u00a0<\/p>

I usually merge my new certificate from digicert and my private key with this common command;<\/p>

OpenSSL.exe pkcs12 \u2013export \u2013in certfile.cer \u2013inkey certfile.key \u2013out certfile.pfx<\/p>

And twice now I\u2019ve been getting errors when importing it to server 2012 servers where it tells me the import password is incorrect, even if I don\u2019t use a password.<\/p>

By using another non server 2012 server and use user security<\/i>\u00a0rather than\u00a0Password security<\/i>, which works IF the site has other non 2012 servers<\/p>

\"\"<\/p>

\u00a0<\/p>

I\u2019ve found this article\u00a0https:\/\/serverfault.com\/questions\/1097326\/windows-certificate-import-not-accepting-private-key-password#:~:text=I%20finally%20found,import%20worked%20fine<\/a>.<\/p>

And apparently, windows doesn\u2019t like the default OpenSSL encryption,<\/p>

And instead, merge the certs with this command;<\/p>

openssl pkcs12 -export -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -nomac\u00a0\u2013in certfile.cer \u2013inkey certfile.key \u2013out certfile.pfx<\/p>

Windows will be much happier, I\u2019m sure this is very useful for all the windows 2012 servers still out there.<\/p>","protected":false},"excerpt":{"rendered":"

I believe this only affects server 2012 but I\u2019m documenting in here so I can look it up later.I use Openssl to create CSRs and merge my […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[3829],"class_list":["post-5818","post","type-post","status-publish","format-standard","hentry","category-research","tag-verifying-enter-export-password"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t