This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello,
I trying to import a new certificate in server 2012 and says password incorrect, but the passworsd is correct. I have no problems importing this certificate on server 2019.
I have seen in some forums that the problem is that 2012 does not support the encryption that some new certificates have, is correct ?
How can i solve my problem?
Thanks.
Finally i got it using OpenSSL:
You have to export .key and .cer from your certificate.
An them you have to create a new pfx with this command:
openssl pkcs12 -export -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -nomac -inkey exported.key -in exported.crt -out New.pfx
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 3%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPJ%3C/text%3E%3C/svg%3E)
Hi RAN55.
I faced the same issue with a p12 certificate on Windows Server 2008 and your post saved my day, and my night :=) !! thank you very much!
Pascal
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 88%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Thanks RAN55, it helps a lot.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 26%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECC%3C/text%3E%3C/svg%3E)
you've just restored my sanity. Thank you very much sir :)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 38%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEF%3C/text%3E%3C/svg%3E)
Not sure if this could help anyone, in my case I noticed a difference when exporting the cert in mmc to pfx, it allows you to set a password, but also the encryption level. So when exporting it on server 2019 or higher, make sure to select sha1 for 2016 and lower. I ended up exporting 2 versions, one with sha1 and one with sha256. This section only seems to apply to the password, which is why the sha256 password can't be read on a sha1 system.
Hi Ran,
Seems like a known issue the fix is suppose to export the key from the working server with exportable keys and import on the Windows 2012 Server.
Solution: Import the .pfx into a newer version of Windows (Like Windows 10 or 2016) . This is important. While you import process, mark the certificate as exportable. This allows you to export the certificate afterwards with the older Triple-DES-SHA1 algorithm or/and with no password to protect the key.
==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
I also tried that solution and doesnt work, it keep saying password incorrect.
And i cant export the certificate without password:
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 20%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETH%3C/text%3E%3C/svg%3E)
Other than having to set a password, this solution works
No more help ? microsoft oficial forum ?
The Q&A does have a few MS staff providing answers, however, the majority is people providing help on their own time. If you do want an official answer it would be best to log a support call with Microsoft.
Gary.
Thank you Gary, you have been a great help