Use cases
- A user of MS Windows XP migrates to Windows 7.
- A user of Windows XP connects to a remote application on Windows Server 2008.
Problem description
A user exports their certificate in PFX format on Windows XP and wants to import it into Windows 7 or Windows Server 2008. The import fails with the following error message:
An internal error occurred. This can be either the user profile is not accessible or the private key that you are importing might require a cryptographic service provider that is not installed on your system.
Solution
Use the OpenSSL toolkit to convert the certificate to another format. OpenSSL is available for many operating systems.
Create new PFX
# Extract private key (openssl prompts for a PEM pass phrase to encrypt it)
openssl pkcs12 -in YOUR_CERTS.pfx -nocerts -out privateKey.pem
# Extract public certs
openssl pkcs12 -in YOUR_CERTS.pfx -clcerts -nokeys -out publicCert.pem
# Create the new PFX from the extracted key and certificate
openssl pkcs12 -inkey privateKey.pem -in publicCert.pem -export -out YOUR_CERT_v1.pfx
# convert to PEM (client certificate only; the private key is not needed for this check)
openssl pkcs12 -in YOUR_CERTS.pfx -clcerts -nokeys -out tempcrt.pem
# check expiration date
openssl x509 -in tempcrt.pem -noout -enddate
Format description
PEM
The PEM format is the most common format that Certificate Authorities issue certificates in. PEM certificates usually have extensions such as .pem, .crt, .cer, and .key. They are Base64 encoded ASCII files and contain "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" statements. Server certificates, intermediate certificates, and private keys can all be put into the PEM format.
PKCS#7/P7B
The PKCS#7 or P7B format is usually stored in Base64 ASCII format and has a file extension of .p7b or .p7c. P7B certificates contain "-----BEGIN PKCS7-----" and "-----END PKCS7-----" statements. A P7B file only contains certificates and chain certificates, not the private key.
PKCS#12/PFX
The PKCS#12 or PFX format is a binary format for storing the server certificate, any intermediate certificates, and the private key in one encryptable file. PFX files usually have extensions such as .pfx and .p12. PFX files are typically used on Windows machines to import and export certificates and private keys.
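File extensions are only a convention, so it helps to confirm which of the formats above a file really is before picking an openssl subcommand. The following shell function is an added example, not part of the original post: it classifies a file by its PEM armor lines or, for binary files, by the ASN.1 header of a PKCS#12 structure. The name `cert_format`, its output labels, the private-key armor pattern and the PKCS#12 version-byte check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): classify a certificate file.
# cert_format and its output labels are names made up for this example.

cert_format() {
    file=$1
    [ -r "$file" ] || { echo "unreadable"; return 1; }

    # Text formats: look for the PEM armor lines.
    if grep -q -e '-----BEGIN PKCS7-----' "$file"; then
        echo "pkcs7"; return 0
    fi
    has_cert=0; has_key=0
    grep -q -e '-----BEGIN CERTIFICATE-----' "$file" && has_cert=1
    # Assumption beyond the page: key armor reads "BEGIN [RSA |ENCRYPTED ]PRIVATE KEY".
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$file" && has_key=1
    case "$has_cert$has_key" in
        11) echo "pem-cert+key"; return 0 ;;
        10) echo "pem-cert"; return 0 ;;
        01) echo "pem-key"; return 0 ;;
    esac

    # Binary formats: read the first 9 bytes as hex, one byte per argument.
    set -- $(od -An -tx1 -N 9 "$file")
    if [ $# -lt 9 ] || [ "$1" != "30" ]; then
        echo "unknown"; return 0      # too short, or not an ASN.1 SEQUENCE
    fi
    # Skip the SEQUENCE tag and its length octets (short, long or indefinite).
    case "$2" in
        81) shift 3 ;;
        82) shift 4 ;;
        83) shift 5 ;;
        84) shift 6 ;;
        *)  shift 2 ;;
    esac
    # A PKCS#12 (PFX) structure starts with INTEGER 3, encoded as 02 01 03.
    if [ "$1$2$3" = "020103" ]; then
        echo "pkcs12"
    else
        echo "der-other"              # e.g. a DER certificate or key
    fi
}

# Classify every file given on the command line.
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(cert_format "$f")"
done
```

A result of `pem-cert+key` for a file that is about to be shared means it still carries the private key and should be handled like the PFX itself.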
In my Windows 8.1 configuration it doesn't work