Windows 10: Windows changed my PFX certificate - Old certificate will not import

Windows 10 Pro Version 2004 Build 19041.928 Hey guys. This is the second time my Windows machine has decided to change my PFX certificate on me without asking/warning. I have an external HDD with files that are encrypted with a PFX file that I created in 2018. About 6 months or so ago, I couldn't access any of my files. Digging into the issue, Windows had switched my PFX certificate to a new one that I never generated. I guess the system generated it on its own. I was able to restore my old PFX certificate and access the files again. (Thank you backups!!!) Fast forward to today. It has happened again. My Windows system has switched to a new PFX file that was generated last month. I still have my old PFX certificate, but now I am getting an error when trying to import it. I can no longer access my encrypted files. Here are some screenshots of my issues:

:)

 

Importing a SSL certificate in window server 2016

The command you ran placed the certificate in the LocalMachine\Personal store. To export it as a PFX file, follow these steps:

1. Right-click the Start button and click Run
   
2. Type mmc and hit Enter
   
3. Hit Ctrl+M (or click File -> Add/Remove Snap-in...)
   
4. Select Certificates from the Available snap-ins and click Add >
   
5. Select Computer account and click Next, then Finish
   
6. Expand Certificates (Local Computer) -> Personal -> Certificates
   
7. Right-click your certificate in the pane on the right and select All tasks -> Export...
   
8. Follow the wizard to export your certificate to a PFX file (select Yes, export the private key to export it as PFX).
   

 

Decrypting bitlocker encrypted OS volume with .pfx certificate

I have a windows 10 operating system partition that is encrypted with bitlocker.
Unfortunately I don't remember ever having activated bitlocker encryption nor can find and
.bek file or numeric pin or password.

My first uncertainty is in why my device is encrypted in the first place and who encrypted it. There are two possibilities: I have encrypted it myself and forgotten about it. The manufacturer that shipped the laptop has encrypted the device
when installing the operating system (which I don't think is the case). I contacted the manufacturer and they do not have knowledge of any key.

My second uncertainty is in why the bitlocker lockout was triggered at this time when it worked fine for the last year or so. It says
Boot policy has unexpectedly changed. From what I have red so far, there are a lot of reasons why this can happen. Probably it happened because I did not properly remove a external USB harddrive or I changed some BIOS settings without knowing what
I was doing. The only important question is if it is it in principle possible to roll back the boot policy to its initial state and thus circumvent the necessity to enter the bitlocker code?

My third uncertainty is concerning the unlock key. I found a
.pfx certificate file that I might have exported during the encryption procedure, I just don't remember. I found a post

https://www.einfaches-netzwerk.at/teil-20b-bitlocker-dra/ where a drive is indeed decrypted with the
sha1 certificate thumbprint like this:

manage-bde -unlock i: -cert -ct "46 4f 75 9b f9 67 7a d2 44 d0 7b 64 61 63 16 80 df dc 0b a2"

which I can easily retrieve from the .pfx file.

My question is now, assuming this .pfx certificate indeed contains the key to do the decryption, how can I export this certificate to the certificate store so that the above command will work?

How can I install the .pfx certificate from the elevated command prompt (I cannot do it from within the GUI because it is my OS volume that is locked so I only can access it with the recovery console)?

I tired:

certutil -f -p somePassword -importpfx "somePfx.pfx"

as outlined here
https://stackoverflow.com/questions/5171117/import-pfx-file-into-particular-certificate-store-from-command-line?noredirect=1, but
certutil command is not found.

Here is the output of the manage-bde -status command

Can someone give a hint on how to decrypt a bitlocker encrypted OS partition with a
.pfx file and clarify if the steps outlined are in principle correct and should work if the certificate is the right one?

I would appreciate any your comments.

 

Wrong password during import pfx certificateon windows(10, 2016)

Hi,

Thank you for writing to Microsoft Community Forums.

I appreciate your time to work on this issue.

I understand that you are getting error while trying to import PFX certification file.

I suggest you to refer the article
Import-Pfx​Certificate and check if that helps.

You can also post your query in TechNet forums,
where we have support professionals who are well equipped with the knowledge on PFX certification files.

Hope it helps.

Nikhar Khare

Microsoft Community - Moderator