Can't import an AES256-SHA256-encrypted PFX certificate
This article provides a workaround for an issue in which you can't import a certificate that uses AES256-SHA256 encryption into certain versions of Windows or Windows Server.
Note
Windows 11, Windows 2019, and later versions of Windows support AES256-SHA256 encrypted PFX files. Therefore, the issue outlined in this article does not apply to these versions of Windows.
Symptoms
On a computer that runs one of the operating systems that's listed in the "Applies to" section, you use the Certificate Import Wizard to import a PFX file that uses AES256-SHA256 encryption. The operation fails and generates a message that resembles the following text:
The password you entered is incorrect.
Cause
The affected versions of Windows and Windows Server don't support AES256-SHA256 encryption for imported PFX files.
Workaround
Use TripleDES-SHA1 encryption for PFX files that you want to import into the affected versions of Windows or Windows Server. Newer versions of Windows and Windows Server support both TripleDES-SHA1 and AES256-SHA256 encryption for PFX files.