Hi out there,
While debugging another issue (Stuck on OPNWAF), I got a strange issue with a client SSL cert that I created on the OPNsense FW.
Under System -> Trust -> Certificates I created a client auth cert, which I signed with a Root & ICA that I also created on the FW.
I exported the pub + priv key (P12).
I was debugging the auth using OpenSSL and got the error:
Could not find client certificate private key from .\CLIENT_SSL_WIM.p12
14530000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto\evp\evp_fetch.c:355:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
So I was interested in the P12 itself:
'C:\Program Files\OpenSSL-Win64\bin\openssl' pkcs12 -in .\CLIENT_SSL_WIM1.p12 -info
Enter Import Password:
MAC: sha1, Iteration 1
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Error outputting keys and certificates
8C6E0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto\evp\evp_fetch.c:355:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
Is this me, or do we have an issue?
Wim
Hi again.
The next test I did was to create a CSR with OpenSSL and have it signed by the ICA on the FW.
I downloaded the CRT and created a PFX.
I could read the PFX using OpenSSL without a problem.
Wim
Seems like I have a similar issue:
https://forum.opnsense.org/index.php?topic=41928
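
Added example, not part of any post in this thread: a small Python check that reads `openssl pkcs12 -info` output and flags the parameters visible in the first post (40-bit RC2 encryption, MAC iteration count of 1). RC2 and RC4 are available in OpenSSL 3.x only through its legacy provider, which is why a default build reports the algorithm as unsupported. The function name, the finding labels and the 2048 iteration threshold are assumptions of this example.

```python
import re

# Output lines taken from the first post of this thread.
POSTED = """MAC: sha1, Iteration 1
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
"""

# Constructed sample: what a container written with current defaults looks like.
MODERN = """MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
"""

MAC_RE = re.compile(r"^MAC:\s*(\S+?),\s*Iteration\s+(\d+)", re.I)
BAG_RE = re.compile(r"^(PKCS7 Encrypted data|Shrouded Keybag):\s*([^,]+)", re.I)
# RC2 and RC4 are only provided by the OpenSSL 3.x legacy provider.
LEGACY_CIPHER_RE = re.compile(r"RC[24]", re.I)
MIN_MAC_ITER = 2048  # assumed threshold for this example


def audit_pkcs12_info(text):
    """Return (kind, detail) findings for weak PKCS#12 protection parameters."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = MAC_RE.match(line)
        if m:
            digest, iters = m.group(1).lower(), int(m.group(2))
            if digest == "sha1":
                findings.append(("sha1-mac", digest))
            if iters < MIN_MAC_ITER:
                findings.append(("low-mac-iterations", str(iters)))
            continue
        m = BAG_RE.match(line)
        if m and LEGACY_CIPHER_RE.search(m.group(2)):
            detail = f"{m.group(1)}: {m.group(2).strip()}"
            findings.append(("legacy-cipher", detail))
    return findings


if __name__ == "__main__":
    for name, sample in (("posted", POSTED), ("modern", MODERN)):
        print(name, audit_pkcs12_info(sample) or "no findings")
```

A container flagged with `legacy-cipher` can still be inspected on OpenSSL 3.x by adding the `-legacy` option to `openssl pkcs12`.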