diff --git a/CHANGELOG.md b/CHANGELOG.md
index 79bf273..ce0aacb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,6 @@
+v2.9.1
+- Big Fix: Use AES encryption when creating Pkcs12 files
+
 v2.9.0
 - Modify Discovery on Linux servers to filter out ignored folders when searching using the Find command rather than eliminating them after. This was done to eliminate permissions errors.
 - Deprecated isRSAPrivateKey custom property on RFPEM certificate store type. Integration now reads the existing private key to determin if it is formatted as PKCS#1 or PKCS#8 and, on renewal, keeps the format the same. For new PEM certificate stores/certificates, PKCS#8 will always be used. PLEASE NOTE, for existing certificate stores that already have isRSAPrivateKey defined, this setting will be ignored.
diff --git a/RemoteFile/ImplementedStoreTypes/PKCS12/PKCS12CertificateStoreSerializer.cs b/RemoteFile/ImplementedStoreTypes/PKCS12/PKCS12CertificateStoreSerializer.cs
index 2b159f9..a66e9e6 100644
--- a/RemoteFile/ImplementedStoreTypes/PKCS12/PKCS12CertificateStoreSerializer.cs
+++ b/RemoteFile/ImplementedStoreTypes/PKCS12/PKCS12CertificateStoreSerializer.cs
@@ -12,10 +12,13 @@
 using Keyfactor.Extensions.Orchestrator.RemoteFile.Models;
 using Org.BouncyCastle.Pkcs;
+using Org.BouncyCastle.Asn1.Pkcs;
+
 using Keyfactor.Logging;
 using Microsoft.Extensions.Logging;
 using System.Linq;
 using Keyfactor.PKI.Extensions;
+using Org.BouncyCastle.Asn1.Nist;
 namespace Keyfactor.Extensions.Orchestrator.RemoteFile.PKCS12
 {
@@ -53,6 +56,10 @@ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, strin
 public List SerializeRemoteCertificateStore(Pkcs12Store certificateStore, string storePath, string storeFileName, string storePassword, IRemoteHandler remoteHandler)
 {
 Pkcs12StoreBuilder storeBuilder = new Pkcs12StoreBuilder();
+ storeBuilder.SetCertAlgorithm(PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc);
+ storeBuilder.SetKeyAlgorithm(NistObjectIdentifiers.IdAes256Cbc, PkcsObjectIdentifiers.IdHmacWithSha256);
+ storeBuilder.SetUseDerEncoding(true);
+
 Pkcs12Store workingStore = storeBuilder.Build();
 foreach (string alias in certificateStore.Aliases)
@@ -88,6 +95,10 @@ public string GetPrivateKeyPath()
 private Pkcs12Store ConvertAliases(Pkcs12Store workingStore, bool useThumbprintAsAlias)
 {
 Pkcs12StoreBuilder storeBuilder = new Pkcs12StoreBuilder();
+ storeBuilder.SetCertAlgorithm(PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc);
+ storeBuilder.SetKeyAlgorithm(NistObjectIdentifiers.IdAes256Cbc, PkcsObjectIdentifiers.IdHmacWithSha256);
+ storeBuilder.SetUseDerEncoding(true);
+
 Pkcs12Store returnStore = storeBuilder.Build();
 if (HasEmptyAliases)
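Review bot: The certificate bags are still encrypted with 3DES even though the changelog entry says AES is now used when creating PKCS#12 files: `storeBuilder.SetCertAlgorithm(PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc);` in SerializeRemoteCertificateStore (and the identical line in the ConvertAliases hunk) leaves only the key bags on AES-256-CBC via SetKeyAlgorithm. If 3DES for the cert bags is a deliberate compatibility choice for older consumers, a comment saying so would stop the next reader from "fixing" it; otherwise the two-argument SetCertAlgorithm overload that mirrors the SetKeyAlgorithm call, `storeBuilder.SetCertAlgorithm(NistObjectIdentifiers.IdAes256Cbc, PkcsObjectIdentifiers.IdHmacWithSha256);`, would make the output match the description. The same three builder calls are duplicated verbatim in both hunks, so a small private factory keeps the bag-encryption policy in one place and prevents the two code paths from drifting. Both enclosing methods continue past their hunks.
```csharp
// Single place for the PKCS#12 bag-encryption policy; SerializeRemoteCertificateStore and ConvertAliases both build from it.
private static Pkcs12StoreBuilder CreateStoreBuilder()
{
    Pkcs12StoreBuilder storeBuilder = new Pkcs12StoreBuilder();
    // Key bags: AES-256-CBC with an HMAC-SHA256 PRF (unchanged from the hunk).
    storeBuilder.SetKeyAlgorithm(NistObjectIdentifiers.IdAes256Cbc, PkcsObjectIdentifiers.IdHmacWithSha256);
    // Cert bags: same AES-256 scheme; revert to PbeWithShaAnd3KeyTripleDesCbc only if a known consumer cannot read AES cert bags.
    storeBuilder.SetCertAlgorithm(NistObjectIdentifiers.IdAes256Cbc, PkcsObjectIdentifiers.IdHmacWithSha256);
    storeBuilder.SetUseDerEncoding(true);
    return storeBuilder;
}

// … in SerializeRemoteCertificateStore, replacing the builder setup lines:
Pkcs12Store workingStore = CreateStoreBuilder().Build();
// … unchanged: alias loop …
```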