I'm trying to follow the instructions provided here: https://codekabinett.com/rdumps.php?Lang=2&targetDoc=create-install-ssl-tls-certificate-sql-server for setting up a self-signed certificate for use in testing. I was able to successfully create the certificate and key and convert them into a .pfx file. Now I'm trying to actually import that pfx to the local machine using the certificate import wizard. After selecting the file, it asks for the password for the private key. I assume that this is either the password chosen when creating the cert or when converting to pfx. Either way, it will not accept the password. I double checked to make sure I wasn't typing it wrong. I deleted all the files and recreated them using the same password for both. Still rejected. At this point I'm not sure what else to try. What am I missing here?
FYI, here are the commands I used to generate the files:
openssl req -x509 -newkey rsa:4096 -keyout C:\Users\pbuchheit\sqlkey.pem -out c:\Users\pbuchheit\sqlcert.pem -days 3650 -extensions server_ssl
openssl pkcs12 -export -out C:\Users\pbuchheit\sqlcert.pfx -inkey C:\Users\pbuchheit\sqlkey.pem -in C:\Users\pbuchheit\sqlcert.pem
Update:
The problem seems to have something to do with the pfx file. If I try no install a normal certificate (.crt) file it works fine. Could the password be getting deleted or changed when converting the crt and key into a pfx?
openssl pkcs12 -export; if the password for the PEM file was different that has no effect on the pkcs12. Does it contain any non-ASCII character(s)? If so openssl uses 'console' I/O with old-style codepage, while the wizard is a GUI with native Unicode, which likely produces different bytes for the same keystrokes and thus doesn't work; try commandlinecertutilor powershellimport-pfxcertificate(withconvertto-securestring)