I'm setting up a new, local CA.

The local openssl instance is

        openssl version
                OpenSSL 1.0.2h  3 May 2016

config'd/built with

        ...
        no-comp no-zlib no-zlib-dynamic \
        enable-ec_nistp_64_gcc_128 \
        enable-rfc3779 \
        enable-ecdsa \
        no-idea \
        no-mdc2 \
        no-rc2 \
        no-rc5 \
        no-ssl2 \
        no-ssl3 \
        no-weak-ssl-ciphers

pkcs12 export, which worked a (long) while ago, now fails,

        openssl genrsa -des3 -aes256 -out test_CA.key 4096

        openssl req -new -x509 -sha512 -days 365 -set_serial 01 -config ./openssl.cnf -subj "/C=US/ST=ST/L=CITY/O=example.com/OU=test_CA/emailAddress=s...@example.com/CN=test_CA" \
        -key test_CA.key \
        -out test_CA.crt

        openssl pkcs12 -export \
        -in    test_CA.crt \
        -inkey test_CA.key \
        -out   test_CA.p12

        140199860266640:error:060740A0:digital envelope routines:EVP_PBE_CipherInit:unknown cipher:evp_pbe.c:181:
        140199860266640:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error:p12_decr.c:87:
        140199860266640:error:2306C067:PKCS12 routines:PKCS12_item_i2d_encrypt:encrypt error:p12_decr.c:188:
        140199860266640:error:23073067:PKCS12 routines:PKCS12_pack_p7encdata:encrypt error:p12_add.c:213:

Looks like the config above removed a required cipher? Perhaps too stringent ...

What's the fix/workaround to get pkcs12 export working again?
