Entrust CA Certificate - Error outputting keys and certificates

Hi there guys,

anyone using Entrust CA Certificates for Anaplan Data Integration?

Following the recommendations from Anaplan's list of Supported Root CA Certificates, I have purchased a S/MIME certificate from Entrust and got a ".p12" certificate downloaded to my computer.

When trying to export the Public Certificate following Anapan's guide instructions, I entered the following command:

C:\OpenSSL-Win64\bin>openssl pkcs12 -in "My-Downloaded-Entrust-Certificate.p12" -nokeys -out "PublicKey.pem"

And got the following error:

Error outputting keys and certificates
C42C0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto\evp\evp_fetch.c:346:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()

Screenshot for more details:

Googling around, seems like this certificate uses some sort of legacy encryption technology no longer supported by Open SSL.

Do any of you use Entrust Certificates or have come across this kind of issue before? Any help is more than welcome at this point.

Thanks,

Alex

Accepted answers

vipsgoyani2000

Update : I was able to resolved the certificate conversion issue. OpenSSL version 1.1.1 does not required legacy.dll file. Command works perfectly fine with older version of OpenSSL(v1.1.1)

sean_culligan

I found the solution to this issue, as I ran into the same issue with an entrust p12 certificate. The issue is that the newer versions of openssl do not support the old entrust methods as standard, so you need to enable legacy libraries for openssl which they call providers. This is done by changing some values in the application configuration file, then restarting the application.

If you google enable legacy providers openssl there are a number of guides available, and I have attached a link to one guide below:

https://www.practicalnetworking.net/practical-tls/openssl-3-and-legacy-providers/

One final tip which caught me out, is that you need to close your command line window after changing the config file to restart the openssl executable. So if you have made changes to the config file per the link enclosed and the new legacy provider is not showing, try and close your console and reopen to see if that sorts the issue.

All comments

elisa.richomme

Hello,

Did you ever solve your issue?

Thank you,

Elisa

selvaam12

Hi,

I have recently used Entrust S MIME type certificate. Check with your IT security team they should help or use the below command to convert .p12 to .pem in open SSL.

pkcs12 -in "filepath.p12" -nokeys -out "filepath.pem"

This will generate your .pem certificate.

-- Selva.

AlejandroGomez

Hi @elisa.richomme , unfortunately I did not manage to solve this.

thanks @selvaam12 for your help.

nevertheless, I ended up purchasing a S MIME certificate from different provider.

I do not remember the name right now. Let me know if you need a hand here.

Cheers

alex

vipsgoyani2000

Hi @selvaam12

Are you able to resolved the error with Entrust Certificate ?

The command to convert .p12 to .pem is throwing same error. As @AlejandroGomez motioned , it seems like legacy.dll file issue.

Thanks

Vipul

vipsgoyani2000

Update : I was able to resolved the certificate conversion issue. OpenSSL version 1.1.1 does not required legacy.dll file. Command works perfectly fine with older version of OpenSSL(v1.1.1)

AlejandroGomez

Thank you for sharing @vipsgoyani2000

sean_culligan

If you google enable legacy providers openssl there are a number of guides available, and I have attached a link to one guide below:

https://www.practicalnetworking.net/practical-tls/openssl-3-and-legacy-providers/

AlejandroGomez

Thanks a lot for taking the time to share this @sean_culligan, you are a superstar!

Quick Links

Can you help?

Unanswered questions

Predefaulting A Feild in ANAPLAN
Hello Anaplan Community, I have a special requirement from a customer and would appreciate your input. Let me explain the situation: We have a hierarchy with three levels: Level 1, Level 2, and Level 3. Screen 1: Creation of Level 1 Items On this screen, the user selects a team. Based on their selection, an action runs to…
Looking for Anaplan End-Users to take a short survey!
We are looking for Anaplan end-users to provide feedback on their experiences with the Excel add-in. Interested individuals will respond to this 5-minute survey to help us understand personal needs and behavior when using the add-in. The feedback provided by survey takers is essential to the roadmap of Anaplan's products.…
CERTIFICATION BADGES - ANNOUNCEMENT
Anaplan Champions! The Community team just posted this announcement that certification badges may not be showing up on your profile probably until next year. Rest assured, you will get credit once you complete and pass the exams. https://community.anaplan.com/t5/Blog/Badges-Back-Soon/ba-p/123385