PFX export doesn't work for older Windows versions

[tompaah]

The PFX export introduced in 0.23.0 is awesome.

But I just found out the PFX files doesn't work in older Windows versions, it's not possible to decrypt (import) it using the certificate key. This is due to older Windows versions not supporting AES256 and Microsoft ways there is no fix for this, neither now or planned. This mainly affects Windows Server 2016, it's still supported by Microsoft (until 1/12/2027) so one could guess there are a number of these "in the wild" still. 2012 R2 not so much, they are very old an unsupported by now.

cannot-import-aes256-sha256-encrypted-pfx-certificate and windows-server-2016-2012r2-how-to-add-support-for

Would it be possible to add an option in Cert Warden that PFX files are exported with TripleDES-SHA1 instead? Either in the configuration file or as a parameter in the API call.

[gregtwallace]

Is the Client an option for you? The legacy PFX format is currently supported there: https://github.com/gregtwallace/certwarden-client

I do agree this should be added but I'm not sure when I'll get to this feature. I'm also not sure if I'll make it a separate API endpoint or if it will need to be specified in an additional header sent to the existing endpoint.

[tompaah]

I'll check the client out and see what it can do, thanks.