erny
Reputation: 2489
Convert an old style .p12 to .pem (unsupported algorithm RC2-40-CBC)
There seem to exist still some tools which generate private keys encrypted with RC2-40-CBC
Although I'm able to export it to a new key store using keytool -importkeystore it seems that I can't get rid of this algorithm.
How to convert them to PEM ?
OpenSSL fails with:
digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
Upvotes: 47
Views: 41762
Answers (2)
Mateusz Przybylek
Reputation: 5825
You can change it permamently in OpenSSL configuration. Just modify file /etc/ssl/openssl.cnf
Find the [default_sect] section and change it to:
[default_sect]
activate = 1
[legacy_sect]
activate = 1
Then find the [provider_sect] and use:
[provider_sect]
default = default_sect
legacy = legacy_sect
Save file.
Upvotes: 8
erny
Reputation: 2489
openssl has a key algorithm provider called legacy. Just try with:
openssl pkcs12 -in mycert.p12 -legacy -nodes
Upvotes: 95
Related Questions
- Converting PKCS#12 certificate into PEM using OpenSSL
- Creating a .p12 file
- Need a little help to generate p12 cert
- Openssl convert .PEM containing only RSA Private Key to .PKCS12
- How can I convert a .p12 to a .pem containing an unencrypted PKCS#1 private key block?
- How to convert .p12 to .crt file?
- Convert SSL .pem to .p12 with or without OpenSSL
- Converting .p12 to .pem in ubuntu
- How do I convert a PEM cert to a PKCS12 with GnuTLS
- Convert to PKCS12 v1.0