{"id":5818,"date":"2022-07-07T08:11:50","date_gmt":"2022-07-07T08:11:50","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=5818"},"modified":"2022-07-07T08:14:45","modified_gmt":"2022-07-07T08:14:45","slug":"openssl-server-2012-verifying-enter-export-password","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/openssl-server-2012-verifying-enter-export-password","title":{"rendered":"OpenSSL Server 2012 – Verifying – Enter Export Password"},"content":{"rendered":"

I believe this only affects server 2012 but I\u2019m documenting in here so I can look it up later.<\/p>

I use Openssl to create CSRs and merge my private key to my new certificate from digicert, this way I can reformat, keep a copy of everything separately and use it easily elsewhere.\u00a0<\/p>

I usually merge my new certificate from digicert and my private key with this common command;<\/p>

OpenSSL.exe pkcs12 \u2013export \u2013in certfile.cer \u2013inkey certfile.key \u2013out certfile.pfx<\/p>

And twice now I\u2019ve been getting errors when importing it to server 2012 servers where it tells me the import password is incorrect, even if I don\u2019t use a password.<\/p>

By using another non server 2012 server and use user security<\/i>\u00a0rather than\u00a0Password security<\/i>, which works IF the site has other non 2012 servers<\/p>

\"\"<\/p>

\u00a0<\/p>

I\u2019ve found this article\u00a0https:\/\/serverfault.com\/questions\/1097326\/windows-certificate-import-not-accepting-private-key-password#:~:text=I%20finally%20found,import%20worked%20fine<\/a>.<\/p>

And apparently, windows doesn\u2019t like the default OpenSSL encryption,<\/p>

And instead, merge the certs with this command;<\/p>

openssl pkcs12 -export -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -nomac\u00a0\u2013in certfile.cer \u2013inkey certfile.key \u2013out certfile.pfx<\/p>

Windows will be much happier, I\u2019m sure this is very useful for all the windows 2012 servers still out there.<\/p>","protected":false},"excerpt":{"rendered":"

I believe this only affects server 2012 but I\u2019m documenting in here so I can look it up later.I use Openssl to create CSRs and merge my […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[3829],"class_list":["post-5818","post","type-post","status-publish","format-standard","hentry","category-research","tag-verifying-enter-export-password"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/5818","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=5818"}],"version-history":[{"count":2,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/5818\/revisions"}],"predecessor-version":[{"id":5823,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/5818\/revisions\/5823"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=5818"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=5818"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=5818"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}