New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v. 0.9.0.316 Get-ACMECertificate -ExportPkcs12 - pfx file ends up with "garbage" in CERT_FRIENDLY_NAME_PROP_ID(11) #283
Comments
Found the culprit, it was in the BouncyCastle provider for PKI functions. When exporting cert + key in PKCS12 (PFX) format, BC requires the use of an entry ID or alias, which translates into the FriendlyName of the cert when imported by .NET/Windows code. I cleaned up the ID/alias that I used which previously was a serialized version of the whole cert. Unfortunately, one of the issues still remaining is that now the cert friendly name will by default actually be a blank string, instead of none -- I tried various permutations to address this, but none of them worked. You can still override the Friendly Name with something meaningful when using the installers (IIS, Win Cert Store), but if you don't override it, it will appear blank in the cert store, instead of |
The fixed version available in the pre-release feed, will be pushed to the gallery soon. |
Hi,
while exporting the certificate with the v. 0.9.0.316 using the -ExportPkcs12 option the CERT_FRIENDLY_NAME_PROP_ID(11) property of the end entity certificate gets populated with some "garbage" see the snip of the certutil -dump output below ;)
Also the exported file is 16KB big due to this.
Exporting just the certificate in PEM or DER format behaves OK
The text was updated successfully, but these errors were encountered: