Bug 1559993

Summary: PKCS#12 files created by NSS are incompatible with Microsoft Windows [rhel-6]
Product: Red Hat Enterprise Linux 6 Reporter: Alicja Kario <hkario>
Component: nssAssignee: Daiki Ueno <dueno>
Status: CLOSED ERRATA QA Contact: Stefan Dordevic <sdordevi>
Severity: high Docs Contact:
Priority: medium    
Version: 6.10CC: kengert, mthacker, qe-baseos-security, sdordevi, szidek
Target Milestone: rcKeywords: Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: nss-3.36.0-7.el6 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1559989 Environment:
Last Closed: 2018-06-19 05:10:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1559989    
Bug Blocks:    

Description Alicja Kario 2018-03-23 16:57:00 UTC 
+++ This bug was initially created as a clone of Bug #1559989 +++

Description of problem:
PKCS#12 files exported by NSS use 1000000 (1M) iterations for the key derivation function. Microsoft Windows does not support higher iteration count than 600000 (600k), aborting the import with invalid password error message.
The Event Viewer includes "PFX operation failed as Iteration count doesn't lie in expected range. Maximum permissible value: 600000. Erroneous value: 1000000"

Version-Release number of selected component (if applicable):
nss-3.34.0-1.el7

How reproducible:
Always

Steps to Reproduce:
1. Export key from nssdb to a PKCS#12 files
2. try importing the file to Microsoft key store

Actual results:
Invalid password error message

Expected results:
Key and certificates from PKCS#12 file imported successfully.

Additional info:
Issue introduced as a result of fixing bug 1462312.
Comment 8 errata-xmlrpc 2018-06-19 05:10:10 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:1865