
Problem loading a server certificate in .p12 format with AES-256-CBC


I am getting this error when trying to load a .p12 certificate in .NET 7:

System.Security.Cryptography.CryptographicException: 'The specified network password is not correct.'

With this code:

// certBytes holds the raw .p12 file contents; password is its import password
var certs = new X509Certificate2Collection();
certs.Import(certBytes, password);

After some mailing with the support of the service provider I try to connect to with the server certificate, I got a new certificate that works fine.

They say that the first one, giving "network password is not correct", was created in a new version of OpenSSL with AES-256-CBC, and the new one that works was made with OpenSSL 1.1.1 and pbeWithSHA1And40BitRC2-CBC, but both were created from the same original PEM and key files.

Does anyone have an idea why I cannot load the certificate created with the new OpenSSL and AES-256-CBC in .NET 7?


Solution

  • Windows support for AES-256-CBC in a PFX seems to have been added in Windows 10 1709. So it will fail if you are using Windows Server 2016 (as only the "1607" variant of 2016 is still in support).

    Until 2023, .NET on Windows never looked at a PFX, it just sent it down to the OS; but in the cases where .NET does look at the PFX it supports the modern algorithms, regardless of the Windows version. (Depending on the specific .NET version and the specific PFX, that might make your PFX accidentally work on Windows Server 2016... but, in general, it won't.)
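Added example, not code from the question or the answer: a dependency-free Python inspector that walks a PFX's DER structure and reports which password-based encryption algorithms it carries, so a "network password is not correct" failure can be checked against the AES-256-CBC support threshold the answer describes before anything is re-exported. The sample PFX bytes are constructed here with dummy ciphertext (they are not a real certificate store), and the OCTET STRING descent is a first-byte heuristic rather than a full PKCS#12 parser.

```python
PBE_NAMES = {"1.2.840.113549.1.12.1.6": "pbeWithSHA1And40BitRC2-CBC",  # legacy PKCS#12 PBE
             "1.2.840.113549.1.5.13": "PBES2", "2.16.840.1.101.3.4.1.42": "aes256-CBC"}

def tlv(tag, body):  # minimal DER TLV encoder, used only to build the constructed sample
    n = len(body)
    ln = bytes([n]) if n < 0x80 else b"\x81" + bytes([n]) if n < 0x100 else b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + ln + body

def oid(dotted):  # DER-encode a dotted OID: first two arcs combined, then base-128 arcs
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for a in arcs[2:]:
        bits = [a & 0x7F]
        while a := a >> 7:
            bits.insert(0, 0x80 | (a & 0x7F))
        out += bits
    return tlv(0x06, bytes(out))

def decode_oid(body):  # inverse of oid(): OID content octets -> dotted string
    arcs, v = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, v = arcs + [v], 0
    return ".".join(map(str, arcs))

def oids(buf):
    """Yield every OID in a DER blob, descending into constructed values and into OCTET STRINGs that wrap a SEQUENCE."""
    i = 0
    while i < len(buf):
        tag, ln, i = buf[i], buf[i + 1], i + 2
        if ln & 0x80:  # long-form length
            ln, i = int.from_bytes(buf[i:i + (ln & 0x7F)], "big"), i + (ln & 0x7F)
        body, i = buf[i:i + ln], i + ln
        if tag == 0x06:
            yield decode_oid(body)
        elif tag & 0x20 or (tag == 0x04 and body[:1] == b"\x30"):  # PKCS#12 nests AuthenticatedSafe in an OCTET STRING
            yield from oids(body)

def pfx_encryption(pfx):  # recognised PBE/cipher names found in a PFX, in DER order
    return [PBE_NAMES[o] for o in oids(pfx) if o in PBE_NAMES]

def sample_pfx(alg_id):  # constructed PFX v3: one encryptedData ContentInfo, dummy ciphertext, no MacData
    eci = tlv(0x30, oid("1.2.840.113549.1.7.1") + alg_id + tlv(0x80, b"\xde\xad\xbe\xef" * 4))
    ci = tlv(0x30, oid("1.2.840.113549.1.7.6") + tlv(0xA0, tlv(0x30, tlv(0x02, b"\x00") + eci)))
    outer = tlv(0x30, oid("1.2.840.113549.1.7.1") + tlv(0xA0, tlv(0x04, tlv(0x30, ci))))
    return tlv(0x30, tlv(0x02, b"\x03") + outer)
# Constructed AlgorithmIdentifiers: PBES2/PBKDF2/AES-256-CBC (modern OpenSSL) and the legacy RC2-40 PBE
KDF = tlv(0x30, oid("1.2.840.113549.1.5.12") + tlv(0x30, tlv(0x04, bytes(8)) + tlv(0x02, b"\x08\x00")))
AES_PBES2 = tlv(0x30, oid("1.2.840.113549.1.5.13") + tlv(0x30, KDF + tlv(0x30, oid("2.16.840.1.101.3.4.1.42") + tlv(0x04, bytes(16)))))
RC2_40 = tlv(0x30, oid("1.2.840.113549.1.12.1.6") + tlv(0x30, tlv(0x04, bytes(8)) + tlv(0x02, b"\x08\x00")))
```

Feeding the raw bytes of a real .p12 to pfx_encryption works the same way; a result containing PBES2 and aes256-CBC is the case the answer says the OS-backed loader rejects on Windows before 10 1709.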