Strange issue with Client Auth certs

Started by WMINTIENS, March 06, 2024, 08:43:32 AM

Hi out there,

While debugging another issue (stuck on OPNWAF) I got a strange issue with a client SSL cert that I created in the OPNsense FW.

Under System -> Trust -> Certificates I created a client auth cert, which I signed with a Root & ICA that I also created on the FW.

I exported the pub + priv key (P12).

I was debugging the auth using OpenSSL and got the error:

Could not find client certificate private key from .\CLIENT_SSL_WIM.p12
14530000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto\evp\evp_fetch.c:355:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()

So I was interested in the P12 itself:

'C:\Program Files\OpenSSL-Win64\bin\openssl' pkcs12 -in .\CLIENT_SSL_WIM1.p12 -info
Enter Import Password:

MAC: sha1, Iteration 1
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Error outputting keys and certificates
8C6E0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto\evp\evp_fetch.c:355:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()


Is this me, or do we have an issue?

Wim

Hi again.

The next test I did was to create a CSR with OpenSSL and have it signed by the ICA on the FW.

I downloaded the CRT and created a PFX.

I could read the PFX using OpenSSL without a problem.

Wim
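
Added example, not part of the original posts and not OPNsense or OpenSSL code: the -info output in the first post shows the certificate bag encrypted with 40-bit RC2, which OpenSSL 3.x provides only through its legacy provider, and a MAC iteration count of 1. The script below audits `openssl pkcs12 -info` output for those settings; the names `audit` and `MIN_ITER`, the 2048 floor, and the second sample are assumptions constructed for illustration.

```python
import re

MIN_ITER = 2048  # assumption: OpenSSL's default iteration count used as the floor

# Matches the three header lines "openssl pkcs12 -info" prints per protected part.
LINE = re.compile(
    r"^(MAC|PKCS7 Encrypted data|Shrouded Keybag): (.+?), Iteration (\d+)", re.M)

def audit(info_text):
    """Return (part, scheme, finding) tuples for weak PKCS#12 protection."""
    findings = []
    for part, scheme, iters in LINE.findall(info_text):
        if re.search(r"RC2|RC4", scheme):
            # RC2/RC4 are not in the OpenSSL 3.x default provider, hence
            # the "unsupported" error from inner_evp_generic_fetch.
            findings.append((part, scheme, "cipher needs OpenSSL 3.x legacy provider"))
        if "40Bit" in scheme:
            findings.append((part, scheme, "40-bit key"))
        if int(iters) < MIN_ITER:
            findings.append((part, scheme, f"iteration count {iters} below {MIN_ITER}"))
    return findings

# Header lines copied from the first post (P12 exported by the firewall).
FROM_POST = """\
MAC: sha1, Iteration 1
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
"""

# Constructed sample in the format OpenSSL 3.x prints for its own default export.
MODERN = """\
MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
"""

if __name__ == "__main__":
    for name, text in (("from post", FROM_POST), ("constructed", MODERN)):
        results = audit(text)
        print(f"{name}: {len(results)} finding(s)")
        for part, scheme, finding in results:
            print(f"  {part} [{scheme}]: {finding}")
```
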