The Problem
Occasionally when importing a cert into Venafi, you will see an error that says:
"The certificate is not a valid pfx/pkcs#12 certificate
OR
The Certificate could not be decrypted with the password provided."
The Cause
The second bit of information is the most important part of the error. By telling us the cert can't be decrypted, Venafi is telling us that there is a formatting issue with the way the cert was converted over to .pfx/pkcs#12.
The Solution
To convert certs to other formats, typically users will download certs in a different format, import them into the Windows store, and use MMC Cert Manager them to the desired format.
When running through MMC's conversion wizard, make sure the following options are checked on the Export File Format screen:
- Include all certificates in the certification path if possible
- Export all extended properties
Everything else should be unchecked.
On the next screen, make sure your password encryption is set to TripleDES-SHA1.
Set your password and export the cert. It should successfully import into Venafi.
Comments