Thanks @vgaetera , always lending a hand to help
I did manage to workaround the issue. I’ll post here what I had to do so that it might be helpful to others.
Following the instructions here, I was able to extract the certificate and private key from the .pfx
file (had to use the -legacy
parameter, though)
openssl pkcs12 -legacy -in <file>.pfx -clcerts -nokeys -out certificate.crt
openssl pkcs12 -legacy -in <file>.pfx -nocerts -out encrypted.key
openssl rsa -in encrypted.key -out private.key
Then I used openssl to generate a new PKCS12 file, with the default encryption parameters:
openssl pkcs12 -export -in certificate.crt -inkey private.key -out certificate.p12
After that, both Firefox and Chromium were able to import the newly generated certificate.p12
file
For the curious ones, the new files were encrypted with
MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
and
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
So, another point to Linux for raising the bar in terms of security (Windows 11 didn’t bother to handle such insecure files – no surprise here… ).
And shame on my certificate issuer for using such poor security standards!