Score:0

OpenSSL 3.0 generating p12 certificate issue with FIPS

id flag

I am running the OpenSSL command to generate bundle.p12 with -legacy option. RHEL 9 FIPS Enabled setup.

  openssl pkcs12 -export -legacy -in cacert.pem -inkey cakey.pem -out bundle.p12
Error creating PKCS12 structure for bundle.p12
80C4B9FD5E7F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (RC2-40-CBC : 187), Properties ()
80C4B9FD5E7F0000:error:11800067:PKCS12 routines:PKCS12_item_i2d_encrypt_ex:encrypt error:crypto/pkcs12/p12_decr.c:191:
80C4B9FD5E7F0000:error:11800067:PKCS12 routines:PKCS12_pack_p7encdata_ex:encrypt error:crypto/pkcs12/p12_add.c:127:

How can I resolve this issue in RHEL 9 FIPS environment?

user1686 avatar
fr flag
Isn't that exactly what FIPS 140-2 mode is _supposed to do_?
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.