I created my own private CA and formed a pkcs12 certificate file for testing. I did this on my Linux box with openssl by:
openssl req -config /etc/openssl.cnf -subj "/CN=aa1@2C/O=Ruckus Wireless, Inc./ST=CA/C=US" -batch -new -nodes -key users/2C.key -out users/2C.csr
openssl ca -config /etc/openssl.cnf -extensions client_cert -batch -in users/2C.csr -out users/2C.crt
openssl pkcs12 -export -out users/2C.pfx -inkey users/2C.key -in users/2C.crt -certfile cacert.pem -passout stdin
After that, I copied the 2c.pfx to my Windows 7 machine and tried to install it, but this error message popped up:
Invalid Public Key Security Object File: This file is invalid for use as the following:Personal Information Exchange.
What is the reason for this? Did I create a broken pfx file?
PKCS#12 (also known as PKCS12 or PFX) is a binary format for storing a certificate chain and private key in a single, encryptable file. PKCS#12 files are commonly used to import and export certificates and private keys on Windows and macOS computers, and usually have the filename extensions .
key Enter Import Password: MAC verified OK Enter PEM pass phrase: Verifying - Enter PEM pass phrase: As shown here, you will be asked for the password of the PFX file. Later, you will be asked to enter a PEM passphrase. Let's, for example, use 123456 for everything here.
The .pfx file, which is in a PKCS#12 format, contains the SSL certificate (public keys) and the corresponding private keys. Sometimes, you might have to import the certificate and private keys separately in an unencrypted plain text format to use it on another system.
I also had the message
Invalid Public Key Security Object File: This file is invalid for use as the following:Personal Information Exchange.
The problem was that the p12 file was on a network share which was mapped as a drive. Copying the file to my real hard drive (C:) solved the problem.
This is somewhat obscure (I don't ever recall seeing it, but hey...). First, ensure that you are importing the certificate into the proper store. Most import errors I have encountered are due to the wrong store. I believe you need to install the certificate in the local machine's Trusted Root Certificate Authorities store (Intermediate Certificate Authorities does not work). If that's not a store problem....
Second, try this out from the Microsoft forums. Unable to Import Certificate (p12 or pfx File). (I reproduced it in case Microsoft rearranges their website. But to be clear, it's someone else's solution):
secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose
By the way, I think you can check if it's well formed according to Microsoft tools with the following. I don't have a Windows machine handy to test it with.
certutil -dump 2C.pfx
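A Linux-side counterpart to the certutil check above, as an added example that is not part of the original question or answers: it confirms with openssl that a .pfx parses and that its MAC verifies before the file is copied to Windows. The function names, file names and password are constructed for the demonstration; the certificate is a throwaway self-signed one, not the CA-signed one from the question.

```bash
#!/bin/sh
# check_pfx FILE PASSFILE
# Exit 0 only if FILE parses as PKCS#12 and its MAC verifies with the
# password stored in PASSFILE (kept in a file so it never appears in argv).
check_pfx() {
    openssl pkcs12 -in "$1" -noout -passin "file:$2" >/dev/null 2>&1
}

# make_demo_pfx DIR
# Build a throwaway self-signed key/cert and export them to DIR/demo.pfx.
# Everything written here is constructed sample data.
make_demo_pfx() {
    d=$1
    printf '%s\n' 'constructed-demo-pass' > "$d/pass.txt"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-client" \
        -keyout "$d/demo.key" -out "$d/demo.crt" >/dev/null 2>&1 &&
    openssl pkcs12 -export -out "$d/demo.pfx" -inkey "$d/demo.key" \
        -in "$d/demo.crt" -passout "file:$d/pass.txt" >/dev/null 2>&1
}

# demo: run the check on an intact file, a truncated copy (what an
# incomplete transfer would leave behind) and with a wrong password.
demo() {
    tmp=$(mktemp -d) || return 1
    make_demo_pfx "$tmp" || { rm -rf "$tmp"; return 1; }

    check_pfx "$tmp/demo.pfx" "$tmp/pass.txt" && r1=ok || r1=bad

    head -c 200 "$tmp/demo.pfx" > "$tmp/truncated.pfx"
    check_pfx "$tmp/truncated.pfx" "$tmp/pass.txt" && r2=ok || r2=bad

    printf '%s\n' 'not-the-password' > "$tmp/wrong.txt"
    check_pfx "$tmp/demo.pfx" "$tmp/wrong.txt" && r3=ok || r3=bad

    rm -rf "$tmp"
    echo "intact=$r1 truncated=$r2 wrongpass=$r3"
}

demo
```

Running the same `check_pfx` on the Linux box and comparing a `sha256sum` of the file on both machines separates a bad export from a bad copy.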