I have a p12 file (RS256). When I open it through the Certificate Import Wizard on Windows 10 and follow the steps, Windows can read the file with a password, but when I move it to Windows Server 2012 R2 and do the same steps, Windows fails to read the file because the password entered is not correct. Please help: why can't I import the p12 into Windows Server 2012 R2?
UPDATE
The p12 file was converted from the jks file using keytool on Windows 10. I tried to re-convert it on Windows Server 2012, but it still cannot read the file because the password is incorrect (I'm pretty sure the password is entered correctly). Could you suggest how to convert the jks file to p12 with sha256withRSA correctly so that it works on Windows Server 2012 R2?
This command generated the file successfully, but the import failed:
keytool -importkeystore -srckeystore e:\file.jks -srcstoretype JKS -deststoretype PKCS12 -destkeystore e:\file.p12 -sigalg RS256
keytool -importkeystore -srckeystore e:\file.jks -srcstoretype JKS -deststoretype PKCS12 -destkeystore e:\file.p12 -sigalg sha256withRSA
The most likely reason is that your PFX is internally using new encryption options that were added in Windows 10.
If you run your PFX through an ASN.1 decoder (such as https://lapo.it/asn1js/, or the certutil -asn command) you want to see something like
That is, there's a 1.2.840.113549.1.12.10.1.2 (PKCS#12 PKCS8ShroudedKeyBag) which contains an item of 1.2.840.113549.1.12.1.3 (PKCS#12 pbeWithSHA1And3KeyTripleDES).
I'm guessing your PFX instead has a PKCS8ShroudedKeyBag which contains an item of 1.2.840.113549.1.5.13 (Password Based Encryption Scheme 2 / PBES2)... which is first supported on Windows 10.
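Added example (not part of the original answer): a small Python script that performs the check described above without an external decoder, reporting which encryption-algorithm OID follows each PKCS8ShroudedKeyBag OID. It assumes a definite-length DER file; the function names and the `sample()` fragment are constructed for illustration.

```python
SHROUDED_KEY_BAG = "1.2.840.113549.1.12.10.1.2"
NAMES = {"1.2.840.113549.1.12.1.3": "pbeWithSHA1And3KeyTripleDES",
         "1.2.840.113549.1.5.13": "PBES2"}

def _oid(body):  # DER OBJECT IDENTIFIER content bytes -> dotted string
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends one base-128 arc
            arcs.append(val)
            val = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def _walk(buf):  # OIDs in document order; raises on bytes that are not DER
    oids, i = [], 0
    while i < len(buf):
        tag, length, i = buf[i], buf[i + 1], i + 2
        if length & 0x80:  # long-form length
            n = length & 0x7F
            if not 1 <= n <= 4:  # n == 0 would be BER indefinite length
                raise ValueError("unsupported length encoding")
            length, i = int.from_bytes(buf[i:i + n], "big"), i + n
        if i + length > len(buf):
            raise ValueError("truncated element")
        body, i = buf[i:i + length], i + length
        if tag == 0x06:
            oids.append(_oid(body))
        elif tag & 0x20:  # constructed: SEQUENCE, SET, [0]
            oids += _walk(body)
        elif tag == 0x04:  # OCTET STRING: nested DER or ciphertext
            try:
                oids += _walk(body)
            except (ValueError, IndexError):
                pass  # opaque bytes (e.g. the encrypted key), skip
    return oids

def key_bag_algorithms(der):  # OID that follows each PKCS8ShroudedKeyBag OID
    oids = _walk(der)
    return [oids[k + 1] for k, o in enumerate(oids[:-1]) if o == SHROUDED_KEY_BAG]

def describe(der):  # friendly names where known, raw OID otherwise
    return [NAMES.get(o, o) for o in key_bag_algorithms(der)]

def sample(alg_hex):  # constructed key-bag fragment, not a full PFX
    tlv = lambda tag, body: bytes([tag, len(body)]) + body
    alg = tlv(0x30, bytes.fromhex(alg_hex) + tlv(0x30, b""))
    epki = tlv(0x30, alg + tlv(0x04, b"\xde\xad\xbe\xef"))
    bag = tlv(0x30, bytes.fromhex("060b2a864886f70d010c0a0102") + tlv(0xA0, epki))
    return tlv(0x04, bag)
```

On a real file, call `describe(open(path, "rb").read())`; a result of `PBES2` for the key bag matches the case the answer describes as first supported on Windows 10.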