All geek questions in one place

What is wrong with this pkcs12 (pfx) file

I created my private CA and generated the pkcs12 certificate file for testing, I did this in my Linux box with openssl:

  • (1) openssl req -config / etc / openssl.cnf -subj / CN = aa1 @ 2C / O = Ruckus Wireless, Inc./ST=CA/C=US -batch -new -nodes - users /2C.key - out users / 2C.csr
  • (2) openssl ca -config / etc / openssl.cnf -extensions client_cert -batch -in users / 2C.csr -out users / 2C.crt
  • (3) openssl pkcs12 -export -out users / 2C.pfx-users-users / 2C.key -in users / 2C.crt -certfile cacert.pem -passout stdin

after that, I will copy the 2c.pfx file on the Windows 7 machine and try to install it, but the error message is: Invalid public key security object file: This file is not valid for use as the following: Exchange of personal information.

What is the reason for this? did i create the wrong pfx file?

+6
source share
1 answer

This is somewhat obscure (I never think of it, but hey ...). First, make sure you import the certificate into the proper store. Most of the import errors that I encountered are related to incorrect storage. I believe that you need to install the certificate in the local storage of trusted root certification authorities (intermediary certification authorities do not work). If this is not a store problem ....

Secondly, try this on the Microsoft forums. Cannot import certificate (p12 or pfx file) . (I reproduced it in case Microsoft is rebuilding its site, but, to be clear, its another solution):

secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose

By the way, I think you can check if it is well-formed according to Microsoft tools with the following. I don’t have a Windows machine to test it with.

 certutil -dump 2C.pfx
0
source

Source: https://habr.com/ru/post/920203/

More articles:


All Articles