Importing wildcard certificate from Barracuda appliance to IIS 10
I have a functioning wildcard certificate running on a Barracuda Load Balancer. From what I understand I can use that same certificate on other servers / appliances. The certificate is listed as exportable and, once I provide a password, I get a PKCS #12 file.
When I try to import that into IIS 10 Certificates > Import Wizard, I just get the error
The specified network password is not correct.
I read that this can be a result of using a weak password. I tried a couple of long and complex passwords but I end up with the same error.
I contacted Barracuda to see what they could do and they took my cert and password and converted it for me into another format containing "-----BEGIN PRIVATE KEY-----" and "-----BEGIN CERTIFICATE-----" sections. I don't know how that file was created exactly. When I import that I get the message that the
Certificate does not contain a private key
I read that this can be because of previous failed import attempts, which was certainly the case for me. I needed to repair the cert. That ends in failure as well, with an error from certutil
No key provider information Cannot find the certificate and private key for decryption.
When I import the cert to the Personal Store and open it I do not see a message to tell me there is a private key associated which might explain previous error messages.
openssl pkcs12 -in c:\users\matt\Downloads\Wild.p12 -nocerts -out c:\temp\test\wild.key
openssl pkcs12 -in c:\users\matt\Downloads\Wild.p12 -clcerts -nokeys -out c:\temp\test\wild.crt
With a pair of valid files I tried to import again, but that did not help.
I'm not sure what I need to do to get my PKCS #12 from my Load Balancer to successfully import into an IIS 10 instance.
Solution 1:
I had the same problem. The root cause was an encryption algorithm unsupported by IIS (AES-SHA256?) that was used to export the certificate with the private key. After changing it to another one, the import process in IIS worked like a charm.
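One way to carry out the algorithm change described in the answer above, as an added example that is not part of the original question or answer. It assumes openssl.exe is on the PATH, an elevated PowerShell session, hypothetical file paths, and that 3DES with SHA-1 is the replacement algorithm the target server accepts (the answer does not name it).

```powershell
# Added example; paths are hypothetical placeholders. Requires openssl.exe on PATH
# and an elevated PowerShell session for the LocalMachine store.
$src = 'C:\temp\test\Wild.p12'          # file exported from the appliance
$pem = 'C:\temp\test\wild-plain.pem'    # temporary, holds the UNENCRYPTED key
$dst = 'C:\temp\test\wild-3des.pfx'     # re-encrypted container for IIS

# 1. Show which algorithms protect the container (openssl prompts for the password).
#    Look for entries such as "PBES2, PBKDF2, AES-256-CBC" versus
#    "pbeWithSHA1And3-KeyTripleDES-CBC" on the key bag, cert bag and MAC lines.
openssl pkcs12 -in $src -info -noout
if ($LASTEXITCODE -ne 0) { throw 'openssl could not read the PKCS #12 file' }

try {
    # 2. Decrypt key, certificate and chain into one PEM file.
    openssl pkcs12 -in $src -nodes -out $pem
    if ($LASTEXITCODE -ne 0) { throw 'decrypting the PKCS #12 file failed' }

    # 3. Re-export with 3DES/SHA-1 for the key bag, cert bag and MAC
    #    (assumption: these are the algorithms the target server accepts).
    openssl pkcs12 -export -in $pem -out $dst `
        -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -macalg sha1
    if ($LASTEXITCODE -ne 0) { throw 're-exporting the PKCS #12 file failed' }
}
finally {
    # Never leave the plaintext private key on disk.
    if (Test-Path $pem) { Remove-Item $pem -Force }
}

# 4. Import into the machine store that IIS reads and confirm the key came along.
$pw   = Read-Host -AsSecureString 'Export password chosen in step 3'
$cert = Import-PfxCertificate -FilePath $dst -CertStoreLocation Cert:\LocalMachine\My -Password $pw
if (-not $cert -or -not $cert.HasPrivateKey) { throw 'Certificate was imported without a private key' }
"Imported $($cert.Subject) ($($cert.Thumbprint)), HasPrivateKey = $($cert.HasPrivateKey)"
```

The passwords are typed at the openssl prompts rather than passed as arguments, so they do not end up in the command history or the process list.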