webprofusion / certify

Professional ACME Client for Windows. Certificate Management UI, powered by Let's Encrypt and compatible with all ACME v2 CAs. Download from certifytheweb.com
https://certifytheweb.com

Export to .pfx with password #659

Closed StefanoAmbrogi closed 10 months ago

StefanoAmbrogi commented 10 months ago

Hi, I've entered in Certificate --> Advanced --> Security the password that I want to use to protect the certificate, then in Tasks I've added the Export Certificate task with the PFX setting. When executed, the task finishes correctly and the file is generated in the specified path, but if I take the file to another server and place it in the CCS path, the certificate is not recognized. If I go into certlm.msc and export the certificate with the same password, the certificate is correctly recognized. Does anyone have the same issue?

webprofusion-chrisc commented 10 months ago

Hi, if you set a default password for the PFX you have to click Request Certificate again to fetch the certificate and rebuild the PFX with the new password set. If you just set the default password without re-requesting the cert then the PFX on disk is still one without a password.

When you use certlm to export the cert you are setting the password on your new exported PFX, not the one that Certify knows about.

StefanoAmbrogi commented 10 months ago

> Hi, if you set a default password for the PFX you have to click Request Certificate again to fetch the certificate and rebuild the PFX with the new password set. If you just set the default password without re-requesting the cert then the PFX on disk is still one without a password.
>
> When you use certlm to export the cert you are setting the password on your new exported PFX, not the one that Certify knows about.

Hi Cristopher, thank you for the response. I set the default password before requesting the certificate, but the exported PFX placed in CCS is not recognized. I also have another certificate with the same setup and the password set; after an automatic renewal the task was correctly executed, but the resulting certificate placed in CCS is not recognized. Could you suggest any other solution? What could I do to investigate further? Thanks in advance.

webprofusion-chrisc commented 10 months ago

Is your other working cert generated by the same instance of Certify? How is the certificate "not recognised" by CCS? It doesn't bind where it has before? Can you use certutil or another tool to check the PFX and whether its password works independently of CCS?

One issue can be unrecognized key types, or modern algorithms.

Note that whatever the issue is, it's most likely not a bug in Certify, and the best places for general support questions are https://community.certifytheweb.com if you are a community edition user, or if you are a licensed user you can open a support ticket by emailing support {at} certifytheweb.com - this is useful so that you can send through screenshots and log files etc.

StefanoAmbrogi commented 10 months ago

Hi Cristopher, thank you for the response. I've tried importing the PFX on my PC and it works, but if I place it in a CCS setup with our server the certificate is not recognized and shows a red mark in IIS. The settings you suggested are OK. I'll open a support ticket to see if you have suggestions on what to check on the CCS server. Thanks a lot for your support and sorry for the misplaced question. Bye. Stefano

webprofusion-chrisc commented 10 months ago

Thanks, regarding the red mark in the IIS UI, I think this is just a quirk of the IIS manager UI because the PFX private key was stored by Local System, not the logged in Administrator. The certificate should still be working normally.
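
The check suggested earlier in the thread (does the PFX open with the expected password, independently of CCS, and what key type does it carry) can be scripted as below. This is an added example, not part of the original thread and not Certify's own code; the function name `Test-PfxPassword` and the file path in the usage comment are hypothetical.

```powershell
# Added example (not Certify's code). Function name and path are hypothetical.
function Test-PfxPassword {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [securestring] $Password
    )

    # Try the expected password first, then an empty one: a PFX built before the
    # default password was set opens only with the empty password.
    $candidates = [ordered]@{
        'supplied password' = $Password
        'empty password'    = [securestring]::new()
    }
    $flags    = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet
    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath

    foreach ($name in $candidates.Keys) {
        try {
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
                $fullPath, $candidates[$name], $flags)
        } catch {
            continue   # this candidate did not open the file; try the next one
        }
        try {
            # Report what a server would need to know about the file.
            return [pscustomobject]@{
                OpensWith     = $name
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                NotAfter      = $cert.NotAfter
                HasPrivateKey = $cert.HasPrivateKey
                KeyAlgorithm  = $cert.PublicKey.Oid.FriendlyName
                SignatureAlg  = $cert.SignatureAlgorithm.FriendlyName
            }
        } finally {
            $cert.Dispose()   # release the loaded certificate and its key handle
        }
    }
    throw "Could not open '$Path' with the supplied password or an empty password."
}

# Usage (prompts for the password so it does not end up in shell history):
# Test-PfxPassword -Path 'C:\path\to\export.pfx' -Password (Read-Host -AsSecureString 'PFX password')
```

An `OpensWith` value of `empty password` means the PFX on disk was built without the default password; `KeyAlgorithm` shows whether the key is RSA or ECC when checking for an unrecognized key type.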