Entrust CA Certificate - Error outputting keys and certificates

Hi there guys,

Anyone using Entrust CA Certificates for Anaplan Data Integration?

Following the recommendations from Anaplan's list of Supported Root CA Certificates, I have purchased a S/MIME certificate from Entrust and got a ".p12" certificate downloaded to my computer.

When trying to export the Public Certificate following Anaplan's guide instructions, I entered the following command:

C:\OpenSSL-Win64\bin>openssl pkcs12 -in "My-Downloaded-Entrust-Certificate.p12" -nokeys -out "PublicKey.pem"

And got the following error:

Error outputting keys and certificates
C42C0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto\evp\evp_fetch.c:346:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()

Googling around, it seems like this certificate uses some sort of legacy encryption technology no longer supported by OpenSSL.

Do any of you use Entrust Certificates or have come across this kind of issue before? Any help is more than welcome at this point.

Thanks,

Alex

Best Answers

  • Update: I was able to resolve the certificate conversion issue. OpenSSL version 1.1.1 does not require the legacy.dll file. The command works perfectly fine with the older version of OpenSSL (v1.1.1).

  • I found the solution to this issue, as I ran into the same issue with an Entrust p12 certificate. The issue is that the newer versions of OpenSSL do not support the old Entrust methods as standard, so you need to enable legacy libraries for OpenSSL, which they call providers. This is done by changing some values in the application configuration file, then restarting the application.

    If you google "enable legacy providers openssl" there are a number of guides available, and I have attached a link to one guide below:

    https://www.practicalnetworking.net/practical-tls/openssl-3-and-legacy-providers/

    One final tip, which caught me out, is that you need to close your command line window after changing the config file to restart the openssl executable. So if you have made changes to the config file per the link enclosed and the new legacy provider is not showing, try closing your console and reopening it to see if that sorts the issue.
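
An added example, not part of the original thread or of Anaplan's guide: on OpenSSL 3.x, `openssl pkcs12` also accepts a per-command `-legacy` flag, which loads the legacy provider (and with it RC2-40-CBC) for that one run instead of through the configuration file. The PowerShell below reruns the export from the question that way and checks the result; the install path and file names are the ones from the question and are assumptions about your system.

```powershell
# Added example: paths and file names are assumptions taken from the question.
$openssl = 'C:\OpenSSL-Win64\bin\openssl.exe'
$p12     = 'My-Downloaded-Entrust-Certificate.p12'
$pem     = 'PublicKey.pem'

# 1. Read the major version. Providers (and -legacy) exist only in OpenSSL 3.0+;
#    1.1.1 still has RC2 built in and rejects the -legacy option.
$versionLine = & $openssl version
if ($versionLine -match '^OpenSSL (\d+)\.') {
    $major = [int]$Matches[1]
} else {
    throw "Unexpected version output: $versionLine"
}

# 2. Build the export command from the question; add -legacy only where it is understood.
$opts = @('pkcs12', '-in', $p12, '-nokeys', '-out', $pem)
if ($major -ge 3) { $opts += '-legacy' }

# 3. Run it. openssl prompts for the import password on the console.
& $openssl @opts
if ($LASTEXITCODE -ne 0) {
    # On Windows, -legacy fails when legacy.dll cannot be found; the
    # OPENSSL_MODULES environment variable can point at the folder holding it.
    throw "Export failed (exit code $LASTEXITCODE). Check that legacy.dll is available."
}

# 4. Check the output before handing it to anyone: with -nokeys the PEM
#    must contain certificates only, never private key material.
if (Select-String -Path $pem -Pattern 'PRIVATE KEY' -Quiet) {
    throw "$pem contains a private key; do not upload or share it."
}

# 5. Show subject, issuer and expiry of the first certificate in the file.
& $openssl x509 -in $pem -noout -subject -issuer -enddate
```

The `-legacy` flag only changes how the existing file is read; the .p12 itself stays protected with RC2-40-CBC, so keep treating that file and its password as sensitive.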

Answers