diff --git a/func/deb_sys.sh b/func/deb_sys.sh
index f678e6f..8b464c1 100644
--- a/func/deb_sys.sh
+++ b/func/deb_sys.sh
@@ -786,15 +786,26 @@ do_deb_sys_cert_install(){
   fi
 
   local pfx_cmd
+#  pfx_cmd="openssl pkcs12 -export \
+#  -out \"$cert_pfx\" \
+#  -inkey \"$cert_key\" \
+#  -in \"$pfx_input\" \
+#  -certfile \"$pfx_input\" \
+#  -passout pass: \
+#  -legacy \
+#  && chown root:\"$current_group\" \"$cert_pfx\" \
+#  && chmod 640 \"$cert_pfx\""
+
   pfx_cmd="openssl pkcs12 -export \
-  -out \"$cert_pfx\" \
-  -inkey \"$cert_key\" \
-  -in \"$pfx_input\" \
-  -certfile \"$pfx_input\" \
-  -passout pass: \
-  -legacy \
-  && chown root:\"$current_group\" \"$cert_pfx\" \
-  && chmod 640 \"$cert_pfx\""
+    -out \"$cert_pfx\" \
+    -inkey \"$cert_key\" \
+    -in \"$pfx_input\" \
+    -passout pass: \
+    -keypbe AES-256-CBC -certpbe AES-256-CBC \
+    && chown root:\"$current_group\" \"$cert_pfx\" \
+    && chmod 640 \"$cert_pfx\""
+
+
 
   # ------------------------------------------------------------------
   # Construction de la liste des services à redémarrer