CNG and CSP (CryptoAPI) provider certificates

One problem I ran into is support for CNG provider certificates in older software. Skype for Business 2015, for example, does not work with the certificates from Certify without conversion to the older CSP (CryptoAPI) provider. Certificates exported by Certify use CNG by default.

Is it possible to add an option in export certificate to select the cryptography provider when exporting as pfx? As this problem is mostly with older software, I guess it will have only limited use (but will help me :smiley: ).

A workaround is exporting as PEM and then using openssl to convert to pfx, or using the following lines:

openssl.exe pkcs12 -in sip.pfx -out sip2020.pem -passin pass: -passout pass:Secret123
openssl.exe pkcs12 -export -in sip2020.pem -out sip2020.pfx -passin pass:Secret123 -passout pass: -CSP "Microsoft RSA SChannel Cryptographic Provider"
1 Like
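
The workaround above as a scripted round trip with a verification step, as an added example that is not part of the original posts: it builds a constructed throwaway PFX (the host name `sip.example.test` and the demo password are made up), re-exports it with the `-CSP` value from the post, and reads the key bag's `Microsoft CSP Name` attribute back. Passwords are passed through openssl's `env:` source instead of `pass:`, which keeps them out of the process arguments.

```sh
#!/bin/sh
# Added example: re-wrap a PFX so its key bag names a legacy CSP, then verify it.
set -eu

CSP="Microsoft RSA SChannel Cryptographic Provider"  # value taken from the post
PFX_PASS="constructed-demo-pass"                     # constructed sample password
export PFX_PASS                                      # read by openssl via env:

# Print the "Microsoft CSP Name" attribute of the PFX key bag.
# Prints nothing if the attribute is absent or the file cannot be read.
pfx_csp_name() {
    openssl pkcs12 -in "$1" -nocerts -nodes -passin env:PFX_PASS 2>/dev/null |
        sed -n 's/^ *Microsoft CSP Name: //p'
}

# Re-export PFX $1 to PFX $2 with the CSP attribute set.
# Runs in a subshell: the umask, temp dir and cleanup trap stay local.
rewrap_with_csp() (
    umask 077
    tmp=$(mktemp -d)
    trap 'rm -rf "$tmp"' EXIT
    # Step 1: PFX -> PEM; the key stays encrypted in the intermediate file.
    openssl pkcs12 -in "$1" -out "$tmp/bundle.pem" \
        -passin env:PFX_PASS -passout env:PFX_PASS 2>/dev/null
    # Step 2: PEM -> PFX, tagging the key with the legacy provider name.
    openssl pkcs12 -export -in "$tmp/bundle.pem" -out "$2" \
        -passin env:PFX_PASS -passout env:PFX_PASS -CSP "$CSP"
)

# Constructed sample input: a one-day self-signed certificate.
work=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sip.example.test" \
    -keyout "$work/key.pem" -out "$work/cert.pem" 2>/dev/null
openssl pkcs12 -export -inkey "$work/key.pem" -in "$work/cert.pem" \
    -out "$work/sip.pfx" -passout env:PFX_PASS

rewrap_with_csp "$work/sip.pfx" "$work/sip-csp.pfx"

echo "before: '$(pfx_csp_name "$work/sip.pfx")'"
echo "after:  '$(pfx_csp_name "$work/sip-csp.pfx")'"
```
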

Thanks for the tip. This has come up a couple of times over the last few years, and yes, I think it would be a good feature to add, if we could get just a little more demand for it. So if anyone else also needs this, time to let your voice be heard!