Windows Server 2019 - Certificate with private key export, encryption typeDisabling strong private key encryption on a personal certificateImporting SSL certificates on Win2k3 / IIS 6.0How do I tell Git for Windows where to find my private RSA key?How to delete the private key associated with a certificate windows 7Why can't I export a certificate that I imported as exportable?Certificate does not contain a private key when importing certificateDoes generating a CSR through IIS 7.5 on Windows Server 2008 R2 always create a new private key?Can I get anSHA-256 certificate when the CSR is for SHA-1?How do I determine if strong key protection is enabled for a certificate private key in Server 2008 R2?Nginx working with SSL but Private Key mismatch error
Is there a general effective method to solve Smullyan style Knights and Knaves problems? Is the truth table method the most appropriate one?
Is there a way to make it so the cursor is included when I prtscr key?
How to capture more stars?
Dictionary size reduces upon increasing one element
Would jet fuel for an F-16 or F-35 be producible during WW2?
Can't remember the name of this game
What does the view outside my ship traveling at light speed look like?
Why does the 'metric Lagrangian' approach appear to fail in Newtonian mechanics?
Would Brexit have gone ahead by now if Gina Miller had not forced the Government to involve Parliament?
Can a wire having 610-670 THz (frequency of blue light) A.C frequency supply, generate blue light?
Binary Search in C++17
Different circular sectors as new logo of the International System
Is it ok to put a subplot to a story that is never meant to contribute to the development of the main plot?
Is floating in space similar to falling under gravity?
How bitcoin nodes update UTXO set when their latests blocks are replaced?
How do I align equations in three columns, justified right, center and left?
Ticket sales for Queen at the Live Aid
analysis of BJT PNP type - why they can use voltage divider?
Employer demanding to see degree after poor code review
Is there a down side to setting the sampling time of a SAR ADC as long as possible?
Approximate solution: factorial and exponentials
Is the first derivative operation on a signal a causal system?
What do different value notes on the same line mean?
How were these pictures of spacecraft wind tunnel testing taken?
Windows Server 2019 - Certificate with private key export, encryption type
Disabling strong private key encryption on a personal certificateImporting SSL certificates on Win2k3 / IIS 6.0How do I tell Git for Windows where to find my private RSA key?How to delete the private key associated with a certificate windows 7Why can't I export a certificate that I imported as exportable?Certificate does not contain a private key when importing certificateDoes generating a CSR through IIS 7.5 on Windows Server 2008 R2 always create a new private key?Can I get anSHA-256 certificate when the CSR is for SHA-1?How do I determine if strong key protection is enabled for a certificate private key in Server 2008 R2?Nginx working with SSL but Private Key mismatch error
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
I noticed that starting in Windows Server 2019, and an unknown version of Windows 10 (I'm running 1903, and I tried on 1809 as well), when you export a certificate and choose to export it's private key as well, you have an option to choose the encryption method (it's a combobox just below the password and confirm password fields):
TripleDES-SHA1
AES256-SHA256
On Windows Server 2012 and Windows Server 2016, that option isn't present. When you try to import a certificate with a private key on WS2012 and WS2016 that was exported with the AES256-SHA256 encryption, when you enter the password, it'll throw you an error saying that the password is incorrect. HOWEVER, if you import a certificate with a private key that was exported with the TripleDES-SHA1 encryption it works.
Since Windows Server 2016 is based on Windows 10 v1607, and Windows Server 2019 is based on Windows 10 v1809, that option must have been added between these versions, so:
1703
1709
1803
Does anyone knows when was this option added? And is there a way to make Windows Server 2012 and 2016 import certificates with a private key that was encrypted using AES256-SHA256?
Thank you,
PS: The certificate is a .pfx file that can be imported through the Certificate Import Wizard.
Edit: Here's a screenshot of the option.
certificate private-key windows-server-2019
asked May 14 at 14:33
AuraAura
1666
add a comment |
I noticed that starting in Windows Server 2019, and an unknown version of Windows 10 (I'm running 1903, and I tried on 1809 as well), when you export a certificate and choose to export it's private key as well, you have an option to choose the encryption method (it's a combobox just below the password and confirm password fields):
TripleDES-SHA1
AES256-SHA256
On Windows Server 2012 and Windows Server 2016, that option isn't present. When you try to import a certificate with a private key on WS2012 and WS2016 that was exported with the AES256-SHA256 encryption, when you enter the password, it'll throw you an error saying that the password is incorrect. HOWEVER, if you import a certificate with a private key that was exported with the TripleDES-SHA1 encryption it works.
Since Windows Server 2016 is based on Windows 10 v1607, and Windows Server 2019 is based on Windows 10 v1809, that option must have been added between these versions, so:
1703
1709
1803
Does anyone knows when was this option added? And is there a way to make Windows Server 2012 and 2016 import certificates with a private key that was encrypted using AES256-SHA256?
Thank you,
PS: The certificate is a .pfx file that can be imported through the Certificate Import Wizard.
Edit: Here's a screenshot of the option.
certificate private-key windows-server-2019
asked May 14 at 14:33
AuraAura
1666
add a comment |
I noticed that starting in Windows Server 2019, and an unknown version of Windows 10 (I'm running 1903, and I tried on 1809 as well), when you export a certificate and choose to export it's private key as well, you have an option to choose the encryption method (it's a combobox just below the password and confirm password fields):
TripleDES-SHA1
AES256-SHA256
On Windows Server 2012 and Windows Server 2016, that option isn't present. When you try to import a certificate with a private key on WS2012 and WS2016 that was exported with the AES256-SHA256 encryption, when you enter the password, it'll throw you an error saying that the password is incorrect. HOWEVER, if you import a certificate with a private key that was exported with the TripleDES-SHA1 encryption it works.
Since Windows Server 2016 is based on Windows 10 v1607, and Windows Server 2019 is based on Windows 10 v1809, that option must have been added between these versions, so:
1703
1709
1803
Does anyone knows when was this option added? And is there a way to make Windows Server 2012 and 2016 import certificates with a private key that was encrypted using AES256-SHA256?
Thank you,
PS: The certificate is a .pfx file that can be imported through the Certificate Import Wizard.
Edit: Here's a screenshot of the option.
certificate private-key windows-server-2019
asked May 14 at 14:33
AuraAura
1666
I noticed that starting in Windows Server 2019, and an unknown version of Windows 10 (I'm running 1903, and I tried on 1809 as well), when you export a certificate and choose to export it's private key as well, you have an option to choose the encryption method (it's a combobox just below the password and confirm password fields):
TripleDES-SHA1
AES256-SHA256
On Windows Server 2012 and Windows Server 2016, that option isn't present. When you try to import a certificate with a private key on WS2012 and WS2016 that was exported with the AES256-SHA256 encryption, when you enter the password, it'll throw you an error saying that the password is incorrect. HOWEVER, if you import a certificate with a private key that was exported with the TripleDES-SHA1 encryption it works.
Since Windows Server 2016 is based on Windows 10 v1607, and Windows Server 2019 is based on Windows 10 v1809, that option must have been added between these versions, so:
1703
1709
1803
Does anyone knows when was this option added? And is there a way to make Windows Server 2012 and 2016 import certificates with a private key that was encrypted using AES256-SHA256?
Thank you,
PS: The certificate is a .pfx file that can be imported through the Certificate Import Wizard.
Edit: Here's a screenshot of the option.
certificate private-key windows-server-2019
certificate private-key windows-server-2019
asked May 14 at 14:33
AuraAura
1666
asked May 14 at 14:33
AuraAura
1666
asked May 14 at 14:33
AuraAura
1666
asked May 14 at 14:33
AuraAura
1666
asked May 14 at 14:33
AuraAura
1666
1666
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Alright so according to this issue on the PowerShell GitHub, these options might have been added somewhere around Windows 10 v1709. So Windows Server 2016 v1709 and Windows 10 v1709 supports the AES256-SHA256 encryption type.
https://github.com/PowerShell/CertificateDsc/issues/153#issuecomment-413766692
answered May 14 at 14:49
AuraAura
1666
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f967227%2fwindows-server-2019-certificate-with-private-key-export-encryption-type%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Alright so according to this issue on the PowerShell GitHub, these options might have been added somewhere around Windows 10 v1709. So Windows Server 2016 v1709 and Windows 10 v1709 supports the AES256-SHA256 encryption type.
https://github.com/PowerShell/CertificateDsc/issues/153#issuecomment-413766692
answered May 14 at 14:49
AuraAura
1666
add a comment |
Alright so according to this issue on the PowerShell GitHub, these options might have been added somewhere around Windows 10 v1709. So Windows Server 2016 v1709 and Windows 10 v1709 supports the AES256-SHA256 encryption type.
https://github.com/PowerShell/CertificateDsc/issues/153#issuecomment-413766692
answered May 14 at 14:49
AuraAura
1666
add a comment |
Alright so according to this issue on the PowerShell GitHub, these options might have been added somewhere around Windows 10 v1709. So Windows Server 2016 v1709 and Windows 10 v1709 supports the AES256-SHA256 encryption type.
https://github.com/PowerShell/CertificateDsc/issues/153#issuecomment-413766692
answered May 14 at 14:49
AuraAura
1666
Alright so according to this issue on the PowerShell GitHub, these options might have been added somewhere around Windows 10 v1709. So Windows Server 2016 v1709 and Windows 10 v1709 supports the AES256-SHA256 encryption type.
https://github.com/PowerShell/CertificateDsc/issues/153#issuecomment-413766692
answered May 14 at 14:49
AuraAura
1666
answered May 14 at 14:49
AuraAura
1666
answered May 14 at 14:49
AuraAura
1666
answered May 14 at 14:49
AuraAura
1666
1666
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f967227%2fwindows-server-2019-certificate-with-private-key-export-encryption-type%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
