PFX import error...?

Welcome Forums General PowerShell Q&A PFX import error...?

This topic contains 1 reply, has 1 voice, and was last updated by

9 months, 3 weeks ago.

  • Author
  • #100125

    Points: 1
    Rank: Member

    I have a .crt and .key file, from which I am creating a .pfx file using OpenSSL. I am trying to use PowerShell to import the .pfx file into Cert:\LocalMachine\My, then I'll use that certificate for OpenVPN. Using the following code, I am not getting any errors on the import:

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    $cert.import("$env:TEMP\$site.pfx", $certPassword, "PersistKeySet")
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("My", "LocalMachine")

    I can see the cert in the MMC, but OpenVPN's log file shows:

    error:C5066064:microsoft cryptoapi:CryptAcquireCertificatePrivateKey:Keyset does not exist

    I have tried $certPassword as both a string and secure string. When I import the certificate via the GUI (copying the password from the content of $certPassword), OpenVPN starts normally.

    I also tried this code but saw the same behavior:

    Import-PfxCertificate -Password ($certPassword | ConvertTo-SecureString -AsPlainText -Force) -CertStoreLocation Cert:\LocalMachine\My -FilePath $env:temp\$site.pfx

    Finally, I am running the PowerShell session elevated and OpenVPN is running as Local System.

    What could I be doing wrong? Thanks.

  • #100129

    Points: 1
    Rank: Member

    Turns out, I needed to include the MachineKeySet flag in my import command:

    $cert.import("$env:TEMP\$site.pfx", $certPassword, "MachineKeySet,PersistKeySet")

The topic ‘PFX import error...?’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort