Troubleshoot Can't import .pfx certificate, wrong password

[RejZoR]

I don't get it, I'm trying to import my banking certificate from backup medium like billion times before, I do that, enter password and it says the password is wrong. I even used a password cracking tool on the certificate and it says the password is exactly what I was trying to type in as password. So, why the hell is even password cracking tool agreeing with me, but browsers keep on bitching that password is wrong even though t's not. WTF?! I've tried in Edge, Firefox and Opera. What the hell is going on?

 

[upnorth]

Enter password exactly where?

 

[slash/]

The password is incorrect when import pfx certificate into certificate store
https://support.microsoft.com/en-ca...age-when-you-try-to-import-an-ssl-private-key
Hope either of these can help, although I think you've probably looked through them already.

 

[RejZoR]

Enter password exactly where?

When you try to import the certificate into browser. Like billion times before. I was typing in the password for certificate like an idiot and it keeps on saying the password is incorrect even though it is correct.

 

[RejZoR]

The password is incorrect when import pfx certificate into certificate store
https://support.microsoft.com/en-ca...age-when-you-try-to-import-an-ssl-private-key
Hope either of these can help, although I think you've probably looked through them already.

I frankly don't understand any of it. I already have a certificate. It used to work, but now out of the blue it's bitching in all browsers that password for it is incorrect even though it IS correct. It's stupid. How can a correct password be incorrect one at teh same time? Were there some new changes to browsers that reject a certificate all of a sudden?

I've somehow managed to import it into Windows Cert Store by double clicking it and it accepted the password, then I've exported it via Opera again, tried to import it via Firefox and it's bitching again. What the hell?

 

[RejZoR]

I just found out the reason. If I export the certificate and encrypt it using AES256, it'll be failing to import through all browsers. If I export it using only TripleDES encryption, it works fine. Why the hell is it offering me AES256 during exporting if it's apparently some exotic unsupported encryption for .pfx file? The hell!?

If that happens, you need to import .pfx file into Windows Certificate Store by double clicking it and it will accept even AES256 encrypted .pfx file. Then you export it via Opera which uses same store to parse the certificates, then export it and make sure you DON'T use AES256 encryption. Use TripleDES. Then it'll work in all browsers again. Bizarre. Like usual with anything I do... One would expect AES256 for certificates to be widely supported given how standard this encryption is opposed to TripleDES which has been replaced by AES256 ages ago afaik. Hm.

 

[DBS666]

Still an issue a year later...
I created an account just to say thank you, this would have wasted way too much time if I didn't stumble on this answer. I can't believe M$ just allows it to throw a completely wrong & misleading error instead of owning that it doesn't support AES256. They could have at least added a warning in the windows 10 cert manager explaining that AES256 is new to windows and isn't backward compatible. This is Windows ME level garbage.