Windows 10: Windows changed my PFX certificate - Old certificate will not import

Discus and support Windows changed my PFX certificate - Old certificate will not import in Windows 10 Support to solve the problem; Windows 10 Pro Version 2004 Build 19041.928 Hey guys. This is the second time my Windows machine has decided to change my PFX certificate on me without... Discussion in 'Windows 10 Support' started by jorgsmash, May 4, 2021.

  1. jorgsmash Win User

    Windows changed my PFX certificate - Old certificate will not import


    Windows 10 Pro Version 2004 Build 19041.928 Hey guys. This is the second time my Windows machine has decided to change my PFX certificate on me without asking/warning. I have an external HDD with files that are encrypted with a PFX file that I created in 2018. About 6 months or so ago, I couldn't access any of my files. Digging into the issue, Windows had switched my PFX certificate to a new one that I never generated. I guess the system generated it on its own. I was able to restore my old PFX certificate and access the files again. (Thank you backups!!!) Fast forward to today. It has happened again. My Windows system has switched to a new PFX file that was generated last month. I still have my old PFX certificate, but now I am getting an error when trying to import it. I can no longer access my encrypted files. Here are some screenshots of my issues:

    :)
     
    jorgsmash, May 4, 2021
    #1

  2. Importing a SSL certificate in window server 2016

    The command you ran placed the certificate in the LocalMachine\Personal store. To export it as a PFX file, follow these steps:

    1. Right-click the Start button and click Run
    2. Type mmc and hit Enter
    3. Hit Ctrl+M (or click File -> Add/Remove Snap-in...)
    4. Select Certificates from the Available snap-ins and click Add >
    5. Select Computer account and click Next, then Finish
    6. Expand Certificates (Local Computer) -> Personal -> Certificates
    7. Right-click your certificate in the pane on the right and select All tasks -> Export...
    8. Follow the wizard to export your certificate to a PFX file (select Yes, export the private key to export it as PFX).
     
    FastEthernet, May 4, 2021
    #2
  3. chriad Win User
    Decrypting bitlocker encrypted OS volume with .pfx certificate

    I have a windows 10 operating system partition that is encrypted with bitlocker.
    Unfortunately I don't remember ever having activated bitlocker encryption nor can find and
    .bek file or numeric pin or password.

    My first uncertainty is in why my device is encrypted in the first place and who encrypted it. There are two possibilities: I have encrypted it myself and forgotten about it. The manufacturer that shipped the laptop has encrypted the device
    when installing the operating system (which I don't think is the case). I contacted the manufacturer and they do not have knowledge of any key.

    My second uncertainty is in why the bitlocker lockout was triggered at this time when it worked fine for the last year or so. It says
    Boot policy has unexpectedly changed. From what I have red so far, there are a lot of reasons why this can happen. Probably it happened because I did not properly remove a external USB harddrive or I changed some BIOS settings without knowing what
    I was doing. The only important question is if it is it in principle possible to roll back the boot policy to its initial state and thus circumvent the necessity to enter the bitlocker code?

    My third uncertainty is concerning the unlock key. I found a
    .pfx certificate file that I might have exported during the encryption procedure, I just don't remember. I found a post

    https://www.einfaches-netzwerk.at/teil-20b-bitlocker-dra/
    where a drive is indeed decrypted with the
    sha1 certificate thumbprint like this:

    manage-bde -unlock i: -cert -ct "46 4f 75 9b f9 67 7a d2 44 d0 7b 64 61 63 16 80 df dc 0b a2"

    which I can easily retrieve from the .pfx file.

    My question is now, assuming this .pfx certificate indeed contains the key to do the decryption, how can I export this certificate to the certificate store so that the above command will work?

    How can I install the .pfx certificate from the elevated command prompt (I cannot do it from within the GUI because it is my OS volume that is locked so I only can access it with the recovery console)?

    I tired:

    certutil -f -p somePassword -importpfx "somePfx.pfx"

    as outlined here
    https://stackoverflow.com/questions/5171117/import-pfx-file-into-particular-certificate-store-from-command-line?noredirect=1
    , but
    certutil command is not found.

    Here is the output of the manage-bde -status command

    Can someone give a hint on how to decrypt a bitlocker encrypted OS partition with a
    .pfx file and clarify if the steps outlined are in principle correct and should work if the certificate is the right one?

    I would appreciate any your comments.
     
    chriad, May 4, 2021
    #3
  4. Nikhar_K Win User

    Windows changed my PFX certificate - Old certificate will not import

    Wrong password during import pfx certificateon windows(10, 2016)

    Hi,

    Thank you for writing to Microsoft Community Forums.

    I appreciate your time to work on this issue.

    I understand that you are getting error while trying to import PFX certification file.

    I suggest you to refer the article
    Import-Pfx​Certificate
    and check if that helps.

    You can also post your query in TechNet forums,
    where we have support professionals who are well equipped with the knowledge on PFX certification files.

    Hope it helps.

    Nikhar Khare

    Microsoft Community - Moderator
     
    Nikhar_K, May 4, 2021
    #4
Thema:

Windows changed my PFX certificate - Old certificate will not import

Loading...
  1. Windows changed my PFX certificate - Old certificate will not import - Similar Threads - changed PFX certificate

  2. Certificates on Windows

    in Windows 10 Installation and Upgrade
    Certificates on Windows: Hey! Today I've created a certificate, yesterday as well, I think, to encrypt one of my files, on a local user that has no admin rights, it is a standard user. I have 2 questions: in case I've deleted a certificate that is not created by me, is that dangerous? I mean I am...
  3. What are the certificates on Windows for and how important are they?

    in Windows 10 Ask Insider
    What are the certificates on Windows for and how important are they?: I've created 2 certificates for myself, but I didn't intend to do that. So I opened MMC, navigated to the certificates and removed them. I am not sure if I removed only these 2 certificates. What would happen if I removed a random certificate, would I be exposed online? What...
  4. Is there anyway to import multiple certificates at once?

    in Windows 10 Network and Sharing
    Is there anyway to import multiple certificates at once?: I have a lot of certificates *.crt and *.der to import into my computer's certificate store. The certmgr.exe options seems only to support importing a single certificate each time. Is there anyway to import all those certificates at once without importing each one...
  5. Windows Certificate

    in Windows 10 Updates and Activation
    Windows Certificate: How do I know if my certificate is expired? https://answers.microsoft.com/en-us/windows/forum/all/windows-certificate/0b8c35b7-fc77-4ec2-a29e-9065a9e97470
  6. Certification request

    in AntiVirus, Firewalls and System Security
    Certification request: Good Afternoon all, I don't know if I am in the right community, but I do have a concern that needs to fixed. I am a college student switch from Business Administration to IT & System Information. I have Lab assignment which is to use Sectigo to create email signature and...
  7. Windows certificates..

    in Windows 10 Ask Insider
    Windows certificates..: My antivirus just issued a certificate for my router..it was strange because before I only had warning that site was insecure but now I have verified certificate for my router and edge display that the page is safe for the first time.. Then I went to control panel, internet...
  8. Certificates are not propagated - Certificate Propagation Service

    in Windows 10 Drivers and Hardware
    Certificates are not propagated - Certificate Propagation Service: I have a problem using a Smart Card. For some reason it doesn't propagate certificates automatically, the only way it propagates is by locking the windows screen, and unlocking again. I understand that propagation is done automatically only when connecting my card to the...
  9. Import EFS File Encryption Certificate and Key (PFX file) in Windows 10

    in Windows 10 News
    Import EFS File Encryption Certificate and Key (PFX file) in Windows 10: [ATTACH] [ATTACH]When you EFS encrypt your files/folders, it’s recommended you create a backup of your file encryption certificate and key to a PFX file, to avoid permanently losing access to your encrypted files and folders if the original certificate and key [...] This...
  10. Microsoft Certification

    in Windows 10 Customization
    Microsoft Certification: which is the best Microsoft certification to take right now for Windows 10. Most certifications am seeing on the Microsoft website looks to retire soon like ending of the month. Any idea what I can take to broaden my windows 10 knowledge...