Error Importing PFX Error

Document created by chris_fagan Employee on Jun 13, 2016Last modified by chris_stevens on Feb 2, 2017
Version 3Show Document
  • View in full screen mode


When attempting to import a PFX certificate, you receive the following error:



An additional error message that may appear are as follows:

Error loading private certificate. Please verify password. Embedded error: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded


The issue can occur when the provided *.PFX certificate container does not have an alias associated with a certificate. According to Java 7 documentation, a certificate must have an alias in order to be loaded into it's key store. To check the aliases within a PFX certificate, you can run the following command:

keytool -v -list keystore filename.pfx -storetype pkcs12



In order to attach the *.PFX certificate, it needs to be first converted to a *.PEM format and then *.P12 formatted should be exported from that file using OpenSSL. To do so, follow these steps:

  1. Open a command prompt and locate your OpenSSL tool.
  2. Run this command to convert the PFX certificate to PEM format:
    openssl pkcs12 -in filename.pfx -out filename.pem -nodes
  3. Once converted, use your OpenSSL tool to export the P12 formatted certificate from the PEM file. Do this by running the following command:
    openssl pkcs12 -export -in filename.pem -out filename.p12 -name "MyCert"
  4. Import the P12 formatted file to generate/create X.509 certificate that can be used in Boomi.