OpenSSL 3.0 generating p12 certificate issue with FIPS

user1631072

7/24/24, 7:17 AM

I am running the OpenSSL command to generate bundle.p12 with -legacy option. RHEL 9 FIPS Enabled setup.

  openssl pkcs12 -export -legacy -in cacert.pem -inkey cakey.pem -out bundle.p12

Error creating PKCS12 structure for bundle.p12
80C4B9FD5E7F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (RC2-40-CBC : 187), Properties ()
80C4B9FD5E7F0000:error:11800067:PKCS12 routines:PKCS12_item_i2d_encrypt_ex:encrypt error:crypto/pkcs12/p12_decr.c:191:
80C4B9FD5E7F0000:error:11800067:PKCS12 routines:PKCS12_pack_p7encdata_ex:encrypt error:crypto/pkcs12/p12_add.c:127:

How can I resolve this issue in RHEL 9 FIPS environment?

0 + 1

certificate

openssl

fips-140-2

rhel9

user1686

7/24/24, 11:38 AM

Isn't that exactly what FIPS 140-2 mode is _supposed to do_?

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: OpenSSL 3.0 generating p12 certificate issue with FIPS

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.