Importing wildcard certificate from Barracuda appliance to IIS 10

I have a functioning wildcard certificate running on a Barracuda Load Balancer. From what I understand I can use that same certificate on other servers / appliances. The certificate is listed as exportable and, once I provide a password, I get a PKCS #12 file.

When I try to import that into IIS 10 (Certificates > Import Wizard), I just get the error

The specified network password is not correct.

I read that this can be a result of using a weak password. I tried a couple of long and complex passwords but I end up with the same error.

I contacted Barracuda to see what they could do and they took my cert and password and converted it for me into another format containing "-----BEGIN PRIVATE KEY-----" and "-----BEGIN CERTIFICATE-----" sections. I don't know how that file was created exactly. When I import that I get the message that the

Certificate does not contain a private key

I read that this can be because of previous failed import attempts, which was certainly the case for me. I needed to repair the cert. That ends in failure as well, with an error from certutil

No key provider information
Cannot find the certificate and private key for decryption.

When I import the cert to the Personal Store and open it, I do not see a message to tell me there is a private key associated, which might explain previous error messages.

openssl pkcs12 -in c:\users\matt\Downloads\Wild.p12 -nocerts -out c:\temp\test\wild.key
openssl pkcs12 -in c:\users\matt\Downloads\Wild.p12 -clcerts -nokeys -out c:\temp\test\wild.crt

With a pair of valid files I tried to import again but that did not help.


I'm not sure what I need to do to get my PKCS #12 from my Load Balancer to successfully import into an IIS 10 instance.


Solution 1:

I had the same problem. The root cause was an encryption algorithm unsupported by IIS (AES-SHA256?) used to export the certificate with private key. After changing it to another one the import process in IIS worked like a charm.
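
Solution 1 does not say which algorithm it switched to. The sketch below is an added example, not part of the original answer: it assumes the exported file is protected with PBES2/AES-256, uses the OpenSSL CLI to show which algorithms a PKCS #12 file uses, and rewraps it with PBE-SHA1-3DES and a SHA-1 MAC. The function names and the `P12_IN_PASS` / `P12_OUT_PASS` environment variables are made up for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Passwords are read from the
# hypothetical environment variables P12_IN_PASS and P12_OUT_PASS so they
# do not show up in the process list.

# Print the MAC and encryption algorithms protecting a PKCS #12 file.
# Usage: p12_algorithms FILE PASSWORD_ENV_VAR_NAME
p12_algorithms() {
    openssl pkcs12 -in "$1" -passin "env:$2" -info -noout 2>&1 |
        grep -E '^(MAC:|PKCS7 Encrypted data:|Shrouded Keybag:)'
}

# Rewrap the key and certificates from SRC into DST using PBE-SHA1-3DES
# for both bags and SHA-1 for the MAC (assumed target algorithms).
# Usage: p12_rewrap SRC DST
p12_rewrap() {
    pem=$(mktemp) || return 1      # mktemp creates the file with mode 0600
    if openssl pkcs12 -in "$1" -passin env:P12_IN_PASS -nodes -out "$pem" &&
       openssl pkcs12 -export -in "$pem" -out "$2" -passout env:P12_OUT_PASS \
           -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -macalg sha1
    then rc=0; else rc=1; fi
    rm -f "$pem"                   # the PEM held the unencrypted private key
    return "$rc"
}
```

A file that reports `PBES2 ... AES-256-CBC` before the rewrap and `pbeWithSHA1And3-KeyTripleDES-CBC` afterwards has had its protection changed. The rewrapped file is protected by weaker algorithms than the original, so keep it only as long as the import needs it.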