How To: Resolve "the certificate is not a valid pfx/pkcs#12 certificate" error when importing a certificate

The Problem

Occasionally when importing a cert into Venafi, you will see an error that says: 

"The certificate is not a valid pfx/pkcs#12 certificate


The Certificate could not be decrypted with the password provided."


The Cause

The second bit of information is the most important part of the error.  By telling us the cert can't be decrypted, Venafi is telling us that there is a formatting issue with the way the cert was converted over to .pfx/pkcs#12.  

The Solution

To convert certs to other formats, typically users will download certs in a different format, import them into the Windows store, and use MMC Cert Manager them to the desired format.  

When running through MMC's conversion wizard, make sure the following options are checked on the Export File Format screen:

  • Include all certificates in the certification path if possible
  • Export all extended properties

Everything else should be unchecked.

On the next screen, make sure your password encryption is set to TripleDES-SHA1.

Set your password and export the cert.  It should successfully import into Venafi.

Was this article helpful?
1 out of 1 found this helpful