Pvk2Pfx won't use input PVK password for output PFX protection

Question

I am using Pvk2Pfx to convert a pvk and cer to a pfx file, the command I am using is

pvk2pfx -pvk MyTest.pvk -spc MyTest.cer -pfx MyTest.pfx

During the creation of pvk file by using makecert, I was prompted to enter a password for private key.

When I ran the command to convert, I was also prompted to enter the password of the pvk file. When I tried to import the pfx file to my certificate store in Windows, I don't have to specify the password. But according to Microsoft document

/po pfxpassword Specifies a password for the .pfx file. If a password for the .pfx file is not specified, the password for the .pfx file will be the same as the password for .pvk file

In this case I have not used /po switch in my command, I think the pfx file should have the same password of pvk file, right? Why I don't need to provide password to import it to certificate store?

Answer 1

Looks like it will only use the password for the .pvk file as password for the .pfx file if you provide the password using the /pi switch.

pvk2pfx /pvk pvkfilename.pvk /pi pvkpassword /spc spcfilename.cer /pfx pfxfilename.pfx

If you don't specify a pvk password, you will be promted to input one, but the resulting pfx file will NOT be password protected.

Additional info about pvk2pfx.