Bug 1559989

Summary: PKCS#12 files created by NSS are incompatible with Microsoft Windows [rhel-7]
Product: Red Hat Enterprise Linux 7 Reporter: Alicja Kario <hkario>
Component: nssAssignee: Daiki Ueno <dueno>
Status: CLOSED CURRENTRELEASE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: high Docs Contact:
Priority: high    
Version: 7.5CC: jreznik, mthacker, szidek, toneata
Target Milestone: rcKeywords: Regression, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1559993 1564989 (view as bug list) Environment:
Last Closed: 2018-11-09 14:46:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1559993, 1564989    

Description Alicja Kario 2018-03-23 16:44:03 UTC 
Description of problem:
PKCS#12 files exported by NSS use 1000000 (1M) iterations for the key derivation function. Microsoft Windows does not support higher iteration count than 600000 (600k), aborting the import with invalid password error message.
The Event Viewer includes "PFX operation failed as Iteration count doesn't lie in expected range. Maximum permissible value: 600000. Erroneous value: 1000000"

Version-Release number of selected component (if applicable):
nss-3.34.0-1.el7

How reproducible:
Always

Steps to Reproduce:
1. Export key from nssdb to a PKCS#12 files
2. try importing the file to Microsoft key store

Actual results:
Invalid password error message

Expected results:
Key and certificates from PKCS#12 file imported successfully.

Additional info:
Issue introduced as a result of fixing bug 1462312.