Channel: Windows PowerShell forum

Azure VPN - How can I export and import client certificate using PowerShell script without password-error?


<Problem>

 I tried to install a client certificate on a client computer, but a password error was displayed.

 The procedure that I performed is the following.
  1. I exported the pfx file using a PowerShell script with the password.(*1)
  2. I copied the pfx file to the client computer.
  3. I double-clicked the pfx file on the client computer. (The import wizard started.)
  4. I selected Current User and pushed the "NEXT" button.
  5. I pushed the "NEXT" button.
  6. I entered the password and pushed the "NEXT" button. (Then the dialog box with "The password you entered is incorrect." was displayed.)

 Is it because PowerShell's Export-PfxCertificate command cannot include the secret key?

 In the case that the pfx file is exported by the certificate export wizard, the certificate import wizard succeeds and my application works fine. The following is the detail of the error.

Best regards.

<Detail of Error>

Import-PfxCertificate : The PFX file you are trying to import requires either a different password or membership in an Active Directory principal to which it is protected.
At C:\Work\TestService2\test_import.ps1:11 char:1
+ Import-PfxCertificate -Password $secure_pwd -FilePath "${client_cert_ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [Import-PfxCertificate], Win32Exception
    + FullyQualifiedErrorId : System.ComponentModel.Win32Exception,Microsoft.CertificateServices.Commands.ImportPfxCertificate

<C# Source Code>

            cf.Credentials.ClientCertificate.SetCertificate(
                                        StoreLocation.CurrentUser, StoreName.Root,
                                        X509FindType.FindBySubjectName, "FirstClientCert"
                                        );

<PowerShell Script for exporting>*1

$current_directory = 'D:\Work\TestService2'
$root_cert_name = 'FirstRootCert'
$client_cert_name = 'FirstClientCert'
#$imd_sert_name = 'FirstImdCert'
$pwd = 'xxxxxxxx'
$port_no = 5000
$service_guid = '541eea84-c788-4d23-b6b2-f5210xxxx5c5'

#1. Change the current directory.
Set-Location $current_directory

#2. Encrypt the password.
[System.Security.SecureString]$secure_pwd = ConvertTo-SecureString -String $pwd -Force -AsPlainText

#3. Create a root certificate.
$root_cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature -Subject "CN=${root_cert_name}" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign

#4. Export personal information exchange file and private key from root certificate.
[String]$rootCertPath = Join-Path -Path 'cert:\CurrentUser\My\' -ChildPath "$($root_cert.Thumbprint)"
Export-PfxCertificate -Cert $rootCertPath -FilePath "${root_cert_name}.pfx" -Password $secure_pwd
Export-Certificate -Cert $rootCertPath -FilePath "${root_cert_name}.crt"

#5. Create a client certificate.
$client_cert = New-SelfSignedCertificate -Type Custom -DnsName $client_cert_name -KeySpec Signature -Subject "CN=${client_cert_name}" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -Signer $root_cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

#6. Export personal information exchange file and private key from client certificate.
[String]$rootCertPath = Join-Path -Path 'cert:\CurrentUser\My\' -ChildPath "$($client_cert.Thumbprint)"
Export-PfxCertificate -Cert $rootCertPath -FilePath "${client_cert_name}.pfx" -Password $secure_pwd
Export-Certificate -Cert $rootCertPath -FilePath "${client_cert_name}.crt"

<PowerShell Script for Importing>*2

$current_directory = 'C:\Work\TestService2'
$client_cert_name = 'FirstClientCert'
$pwd = 'xxxxxxxx'

#1. Change the current directory.
Set-Location $current_directory

#2. Encrypt the password.
[System.Security.SecureString]$secure_pwd = ConvertTo-SecureString -String $pwd -Force -AsPlainText

#3. Import PFX file.
Import-PfxCertificate -Password $secure_pwd -FilePath "${client_cert_name}.pfx" -CertStoreLocation 'Cert:\CurrentUser\My'
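
An added example, not part of the original post or its author's scripts: both scripts above store the password in `$pwd`, which is PowerShell's automatic current-location variable and is rewritten by `Set-Location`, so a likely cause of the error is that the PFX was protected with the directory path (a `D:\` path on export, a `C:\` path on import) rather than the intended string. The names `$work_dir`, `$pfx_password`, `Test-PfxPassword` and `CN=PwdDemoCert` are assumptions made for this sketch.

```powershell
# Added example; $work_dir, $pfx_password, Test-PfxPassword and CN=PwdDemoCert are assumed names.
$start_dir = (Get-Location).Path
$work_dir  = Join-Path $env:TEMP 'pfx-pwd-demo'
New-Item -ItemType Directory -Path $work_dir -Force | Out-Null

# The pattern from the post: $pwd is assigned, then the location is changed.
$pwd = 'xxxxxxxx'
Set-Location $work_dir
# $PWD is the automatic current-location variable, so Set-Location has rewritten it.
Write-Output "`$pwd now holds: $pwd"
$clobbered = ConvertTo-SecureString -String $pwd -AsPlainText -Force

# Same steps with a name that does not collide with an automatic variable.
# The literal is a constructed demo value; in real use, read the password with
# Read-Host -AsSecureString instead of keeping it in the script.
$pfx_password = ConvertTo-SecureString -String 'Constructed-Demo-Pw1' -AsPlainText -Force

# Throwaway certificate with an exportable private key.
$cert = New-SelfSignedCertificate -Type Custom -Subject 'CN=PwdDemoCert' `
    -KeyExportPolicy Exportable -KeyLength 2048 -HashAlgorithm sha256 `
    -CertStoreLocation 'Cert:\CurrentUser\My'
$pfx_file = Join-Path $work_dir 'PwdDemoCert.pfx'
Export-PfxCertificate -Cert $cert -FilePath $pfx_file -Password $pfx_password | Out-Null

# Check which password opens the PFX before copying it to another machine.
function Test-PfxPassword {
    param([string]$Path, [securestring]$Password)
    try {
        $null = Get-PfxData -FilePath $Path -Password $Password -ErrorAction Stop
        return $true
    } catch {
        return $false
    }
}
Write-Output "Intended password opens the PFX: $(Test-PfxPassword $pfx_file $pfx_password)"
Write-Output "Clobbered `$pwd opens the PFX:    $(Test-PfxPassword $pfx_file $clobbered)"

# Clean up the demo certificate, its key and the working directory.
Set-Location $start_dir
Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey
Remove-Item -Path $work_dir -Recurse -Force
```

Running the same `Get-PfxData` check against the exported file on the source machine, before it is copied, shows whether the password in the script is the one that actually protects the PFX.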