Opera 9.5 and 10 (beta) have a strange behavior with PKCS#12 certificates. Indeed, many users have been blocked when importing their certificates from Internet Explorer or Firefox.

I have not found any documentation from the Opera team and any help over the Internet so I decided to post my method.

First, in your current browser export your certificate as a PKCS#12 certificate. Suppose you have your PKCS#12 certificate which includes a private key.

If i try to import it with opera I have the following error :

The key of the certificate was encrypted using an unsupported method, possibly one that is not considered strong enough.

Let's see what openssl says about our certificate :

$ openssl pkcs12 -in certificate.p12 -info
Enter Import Password:
MAC Iteration 1
MAC verified OK
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 1
Bag Attributes
    friendlyName: Certificat import
    localKeyID: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 
Key Attributes: <No Attributes>
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,XXXXXXXXXXXXXXXX

...
-----END RSA PRIVATE KEY-----
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 1
Certificate bag
Bag Attributes
    friendlyName: Certificat import
    localKeyID: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 
subject=/O=xxxx/OU=xxxx/CN=xxxx
issuer=/O=xxxx/OU=xxxx
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

Then the certificate export as a PEM file :

$ openssl pkcs12 -in certificate.p12 -nokeys -out cert.pem
Enter Import Password:
MAC verified OK

Then the private key export as a PEM file :

openssl pkcs12 -in certificate.p12 -nocerts -out key.pem 
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

Now we have the certificate and the private key as PEM files :

$ ls
certificate.p12  cert.pem  key.pem

The last step, create a valid PKCS#12 Opera certificate :

$ openssl pkcs12 -export -in cert.pem -inkey key.pem -descert -out new-certificate.p12
Enter pass phrase for key.pem:
Enter Export Password:
Verifying - Enter Export Password:

What are the differences with the initial PKCS#12 certificate ? Initial :

MAC Iteration 1
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 1
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 1

Final :

MAC Iteration 2048
PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048

Opera requires a high level of security, PKCS#12 certificates must be conform with RC2-40.

You will now be able to import the certificate !!