PFX import always gives Incorrect password error
I tried to generate a private key and certificate using OpenSSL v3.0.1 on x64 using the command:
"C:\Program Files\OpenSSL\bin\openssl.exe" req -x509 -sha256 -days 7300 -newkey rsa:2048 -keyout ProductPrivate.key -out ProductCertificate.crt
Then I try to package the key and certificate into a single PFX file using the command:
"C:\Program Files\OpenSSL\bin\openssl.exe" pkcs12 -export -out KeyPackage.pfx -inkey ProductPrivate.key -in ProductCertificate.crt -passout pass:superevil -passin pass:secret
Here is the actual screenshot, you can see all steps completes successfully and that you can see the password I set it up with.
I verified that all three files are created:
Next I took the pfx and try to import it into a certificate store of couple of machines, however everywhere I tried, I got the same password incorrect error. I used this same instruction 5 - 6 years ago and everything worked so I don't know what changed? do you happen to know?
The screen below proof that I have the right password for the pfx entered.
I found the answer, this is only issue if I use openssl v. 3.0.1. I test the same steps against openssl 1.1 and the import works.
- brew installation of Python 3.6.1: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
- Coolify with CloudFlared & SSL/TLS HTTPS
- How to setup proper SSL between 2 Scala/Akka web services?
- Send HTTP_1_1_REQUIRED from ASP.NET Core controller
- Composer Curl error 60: SSL certificate problem: unable to get local issuer certificate
- openssl how to check server name indication (SNI)
- How to I deploy nextjs application in a production environment, using ssl?
- TLS client without any server verification
- How can I create a TLS/SSL connection to a mongodb instance on AWS with a certificate made by certificate manager? Health check failed
- Is there a way to get the OpenSSL X509 certificate name that im sending to peer in C++?
- pip always fails ssl verification
- Trust Anchor not found for Android SSL Connection
- How to add self-signed generated certificate to trusted certificates from inside a Java keystore?
- How to force Laravel Project to use HTTPS for all routes?
- Using Keycloak behind a reverse proxy: Could not open Admin loginpage because mixed Content
- Python SSL default context not including TLS 1.1 or SSL 2 ciphers
- How do I switch Docker containers with .NET Blazor applications from HTTP to HTTPS?
- Creating self signed certificate for domain and subdomains - NET::ERR_CERT_COMMON_NAME_INVALID
- javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
- How to simulate non-SNI browsers (without SNI support)?
- How to access phpmyadmin on DDEV Windows 10 pro localhost with SSL record too long error
- cURL with SSL certificates fails: error 58 unable to set private key file
- Specifying Arduino WiFiClientSecure Certificates
- maxscale cannot find gtid_binlog_pos
- FreeSWITCH TLS error in 'Client Hello' Request
- ASP.NET Core Development Certificates - error exporting the HTTPS developer certificate
- I'm unable to change the default TLS options for a Sonatype Nexus server hosted using Docker via Traefik
- Get certificate's public key in the PKCS8 format
- Why is Firefox not trusting my self-signed certificate?
- Difference between pem, crt, key files