000021490 - Internet Explorer doesn't import private key from PKCS #12 file

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000021490
Applies ToRSA BSAFE Cert-J
RSA BSAFE Cert-C
IssueInternet Explorer doesn't import private key from PKCS #12 file
Internet Explorer imports the certificates from a PKCS #12 file into the Other People store instead of the Personal store, even though the corresponding private keys are in the PKCS #12 file
CauseThe order of the private keys in the PKCS #12 file does not match the order of the certificates. For example, the PKCS #12 file certificates in this order: end-entity (EE) cert #1, EE cert #2, CA cert, EE cert #3; and private keys in this order: priv key #1, #2, #3. Since the CA cert's private key is not present in the PKCS #12 file, Internet Explorer does not match the certs with the private keys correctly.
Resolution
When you create the PKCS #12 file, put the certs and private keys in the same order (for example, put the CA certificate last).
Legacy Article IDa23238

Attachments

    Outcomes