Windows – Certificate Import Not Accepting Private Key Password

Tags: openssl, ssl, ssl-certificate, windows

I'm trying to follow the instructions provided here: https://codekabinett.com/rdumps.php?Lang=2&targetDoc=create-install-ssl-tls-certificate-sql-server for setting up a self-signed certificate for use in testing. I was able to successfully create the certificate and key and convert them into a .pfx file. Now I'm trying to actually import that pfx to the local machine using the certificate import wizard. After selecting the file, it asks for the password for the private key. I assume that this is either the password chosen when creating the cert or when converting to pfx. Either way, it will not accept the password. I double checked to make sure I wasn't typing it wrong. I deleted all the files and recreated them using the same password for both. Still rejected. At this point I'm not sure what else to try. What am I missing here?

FYI, here are the commands I used to generate the files:

openssl req -x509 -newkey rsa:4096 -keyout C:\Users\pbuchheit\sqlkey.pem -out c:\Users\pbuchheit\sqlcert.pem -days 3650 -extensions server_ssl

openssl pkcs12 -export -out C:\Users\pbuchheit\sqlcert.pfx -inkey C:\Users\pbuchheit\sqlkey.pem -in C:\Users\pbuchheit\sqlcert.pem

Update:

The problem seems to have something to do with the pfx file. If I try to install a normal certificate (.crt) file, it works fine. Could the password be getting deleted or changed when converting the crt and key into a pfx?

Best Answer

I finally found the answer here: https://stackoverflow.com/a/70369871/1860222. Apparently, the import wizard was giving garbage feedback and the problem had nothing to do with the password. As it turns out, OpenSSL defaults to an encryption that is not compatible with Windows 10. Once I explicitly set the encryption for the pfx to something Windows could handle, the import worked fine.

The final command ended up looking like this:

openssl pkcs12 -export -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -nomac -out C:\Users\pbuchheit\turadev.pfx -inkey C:\Users\pbuchheit\turadev.key -in C:\Users\pbuchheit\turadev.crt
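
A way to see what a .pfx is encrypted with before the import wizard rejects it, as an added example that is not part of the original question or answer: this Python sketch walks the file's DER structure and reports the password-based encryption schemes it names, which are stored in clear, so no password is needed. OpenSSL 3.x exports show PBES2 with AES-256-CBC by default, while the command in the answer produces pbeWithSHAAnd3-KeyTripleDES-CBC. The function names and the two sample fragments are constructed for illustration, and definite-length DER is assumed.

```python
import sys

KNOWN = {  # DER-encoded OID bodies -> scheme name (dotted OID in the comment)
    bytes.fromhex("2A864886F70D01050D"): "PBES2",        # 1.2.840.113549.1.5.13
    bytes.fromhex("2A864886F70D01050C"): "PBKDF2",       # 1.2.840.113549.1.5.12
    bytes.fromhex("60864801650304012A"): "aes-256-cbc",  # 2.16.840.1.101.3.4.1.42
    bytes.fromhex("2A864886F70D010C0103"): "pbeWithSHAAnd3-KeyTripleDES-CBC",  # 1.2.840.113549.1.12.1.3
    bytes.fromhex("2A864886F70D010C0106"): "pbeWithSHAAnd40BitRC2-CBC",        # 1.2.840.113549.1.12.1.6
}
# Constructed samples (not real PFX files): only the AlgorithmIdentifier nesting, wrapped in an OCTET STRING.
SAMPLE_LEGACY = bytes.fromhex("3020041E301C060A2A864886F70D010C0103300E0408010203040506070802020800")
SAMPLE_PBES2 = bytes.fromhex("302B0429302706092A864886F70D01050D301A"
                             "300B06092A864886F70D01050C300B060960864801650304012A")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the definite-length TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def collect_oids(buf):
    """Return the body of every OBJECT IDENTIFIER in buf, descending into nested DER."""
    found, pos = [], 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        if tag == 0x06:                    # OBJECT IDENTIFIER
            found.append(value)
        elif tag & 0x20:                   # constructed type: walk its children
            found += collect_oids(value)
        elif tag == 0x04:                  # PKCS#12 nests DER inside OCTET STRINGs
            try:
                found += collect_oids(value)
            except (ValueError, IndexError):
                pass                       # salt or ciphertext, not nested DER
    return found

def pfx_schemes(data):
    """Names of the known PBE-related OIDs present, in file order without repeats."""
    return list(dict.fromkeys(KNOWN[o] for o in collect_oids(data) if o in KNOWN))

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PBES2
    print(", ".join(pfx_schemes(data)) or "no known PBE scheme found")
```

If the output includes PBES2, re-exporting with the -certpbe and -keypbe options shown in the answer changes the scheme to the 3DES one.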