I have generated a Key Pair using OpenSSL like this and specified Password1:
openssl req -x509 -newkey rsa:4096 -keyout MyApp.key -out MyApp.crt -sha256 -days 365 -passout pass:Password1
Then I generated the PFX file as below, and specified Password2 for export:
openssl pkcs12 -export -out MyApp.pfx -inkey MyApp.key -in MyApp.crt -password pass:Password2
When I load the X509Certificate2, I just supply the export password for the PFX, and I can still read the PrivateKey. What is the use of the "Password1" that I used initially to create the Key Pair? Where do I specify that?
X509Certificate2 cert = new X509Certificate2("C:\\Path\\To\\MyApp.pfx", "Password2", X509KeyStorageFlags.MachineKeySet);
Password1 would have been/is required to read the MyApp.key file to build the PFX. Once it was read into the PFX the contents were re-encrypted with Password2.
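The re-encryption described in the answer can be checked directly. This is an added example, not part of the original question or answer: it rebuilds both files in a temporary directory and tests each password against each file. The `-subj`, `rsa:2048` and `-days 1` values and the helper function names are assumptions chosen so it runs quickly and without prompts.

```shell
#!/bin/sh
# Added illustration (not from the original post): which password unlocks which file.
# Constructed throwaway key/cert in a temp dir; rsa:2048, -days 1 and -subj are
# assumptions so the demo runs fast and without prompts.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

make_files() {
    # Password1 encrypts the private key as it is written to MyApp.key.
    openssl req -x509 -newkey rsa:2048 -keyout "$demo_dir/MyApp.key" \
        -out "$demo_dir/MyApp.crt" -sha256 -days 1 -subj "/CN=MyApp" \
        -passout pass:Password1 2>/dev/null
    # -passin: Password1 decrypts MyApp.key (openssl prompts for it if omitted).
    # -passout: Password2 encrypts the key again inside MyApp.pfx.
    openssl pkcs12 -export -out "$demo_dir/MyApp.pfx" \
        -inkey "$demo_dir/MyApp.key" -in "$demo_dir/MyApp.crt" \
        -passin pass:Password1 -passout pass:Password2
}

# Hypothetical helpers: $1 is the candidate password; output is the public key
# derived from the decrypted private key, exit status is non-zero on failure.
pubkey_from_key_file() {
    openssl pkey -in "$demo_dir/MyApp.key" -passin "pass:$1" -pubout 2>/dev/null
}
pubkey_from_pfx() {
    openssl pkcs12 -in "$demo_dir/MyApp.pfx" -passin "pass:$1" -nocerts -nodes \
        2>/dev/null | openssl pkey -pubout 2>/dev/null
}

make_files
for pw in Password1 Password2; do
    if pubkey_from_key_file "$pw" >/dev/null; then r=opens; else r=fails; fi
    echo "MyApp.key with $pw: $r"
    if pubkey_from_pfx "$pw" >/dev/null; then r=opens; else r=fails; fi
    echo "MyApp.pfx with $pw: $r"
done
# Same private key in both containers; only the wrapping password differs.
[ "$(pubkey_from_key_file Password1)" = "$(pubkey_from_pfx Password2)" ] \
    && echo "same key in both files"
```

Anything that only ever receives MyApp.pfx, such as the X509Certificate2 constructor in the question, therefore needs Password2 alone; Password1 matters only to whoever handles MyApp.key.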