|Applies To||RSA Product Set: Certificate Manager|
RSA Version/Condition: 6.7
Platform: Microsoft Windows 2003 Server
Platform (Other): Microsoft Internet Explorer
|Issue||Password incorrect error when importing a PKCS#12 on Microsoft Internet Explorer|
Attempting to import a PKCS#12 (containing a certificate and the corresponding private key) with correct password shows the following error on Microsoft Internet Explorer:
Certificate Import Wizard
|Cause||PKCS#12 generated by RSA Certificate Manager through CA Operations workbench option 'Export to PKCS#12', creates a PEM-formatted PKCS#12 with a header and a footer that looks like the following:|
-----BEGIN CERTIFICATE AND KEY-----
A PEM-formatted PKCS#12 with header/footer fails to import into Microsoft Internet Explorer. Internet Explorer accepts DER-encoded PKCS#12 object for importing.
|Resolution||Follow the steps below (requires openssl tool) to convert the PEM-formatted PKCS#12 into DER-encoded, and then import into Internet Explorer (see the Notes section below):|
|Notes||IMPORTANT: While it is okay in test environments for testing purpose to export a CA PKCS#12 and then import into a browser, this should not be done for production CAs as an exported/imported CA could result in a potential compromise of the CA private key.|
The PKCS#12 was generated on RSA Certificate Manager Admin Interface -> CA Operations Workbench -> View a software-based CA -> click on 'Export to PKCS#12' button and provide a password to protect the PKCS#12.
|Legacy Article ID||a52512|