000021502 - Internet Explorer doesn't import private key from PKCS #12 file

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000021502
Applies ToRSA BSAFE Cert-J
IssueInternet Explorer doesn't import private key from PKCS #12 file
If you pass in an empty array for certAttrs, crlAttrs, or keyAttrs in the PKCS12 constructor call to create a PKCS #12 file for export, the export will succeed; however, when Internet Explorer imports the certificate(s) from that PKCS #12 file, it will go into the Other People store instead of the Personal store, even though the corresponding private key(s) is in the PKCS #12 file.
ResolutionTo correct this issue, pass in "null" argument(s) instead of empty array(s). For example, instead of doing the following:

    X501Attributes[] certAttrs = new X501Attributes[1];
    X501Attributes[] keyAttrs = new X501Attributes[1];

    PKCS12 p12Obj = new PKCS12(certJ, certs, null, keys,
                                                       certAttrs, null, keyAttrs);

Just do this:

    PKCS12 p12Obj = new PKCS12(certJ, certs, null, keys,
                                                       null, null, null);
Legacy Article IDa23239

Attachments

    Outcomes