Hello @Stefan ,
On most systems this works as the PFX has a provider specified: "Microsoft RSA SChannel Cryptographic Provider". However on some systems it will still install using the provider: "Microsoft Software Key Storage Provider".
Microsoft RSA SChannel Cryptographic Provider associated with Cryptography API (CryptoAPI). While Microsoft Software Key Storage Provider associated with Cryptography API: Next Generation (CNG). So it seems CNG key storage provider selected instead of CryptoAPI Cryptographic Service Provider on "some systems".
- So one possible solution is via PFXImportCertStore with
PKCS12_PREFER_CNG_KSP
flag because
"PKCS12_PREFER_CNG_KSP indicates that the CNG key storage provider (KSP) is preferred. If the CSP is specified in the PFX file, then the CSP is used...". - Another possible solution is specifies the current user's default cryptographic service provider (CSP) via CryptSetProvider API. (Not tested.)
(Please share the differences between working and non-working systems to narrow down this issue if above solutions don't work for you.)
Note: CryptSetProvider is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Thank you!
If the answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.