Generating PFX with 3DES
Newbie User
n3wbie001 at gmail.com
Wed Mar 1 14:32:22 UTC 2023
Thank you Michael, will check and verify. I also saw a keypbe option. Do we
have any official docs for all these? Didn't see anything explained in
OpenSSL docs for this.
Also why isn't it by default 3DES as RC2 is deprecated long time back.
Regards
On Tue, Feb 28, 2023, 11:36 PM Michael Wojcik <Michael.Wojcik at microfocus.com>
wrote:
> > From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of
> Newbie User
> > Sent: Tuesday, 28 February, 2023 10:22
>
> > I was trying to generate a PFX file from cert.pem and key.pem, however
> it seems that default OpenSSL
> > still using RC2 for PKCS7 data type.
>
> Specify a different PBE for the certificate with the -certpbe option. For
> example:
>
> $ openssl pkcs12 -export -inkey key.pem -in cert.pem -certpbe
> PBE-SHA1-3DES -out output.pfx
>
> ("PFX" is an archaic format which has been superseded by PKCS#12, so
> personally I eschew that file suffix, but it really doesn't matter.) This
> works for me using OpenSSL 3.0.8.
>
> You can use
>
> $ openssl pkcs12 -in output.pfx -info -noout
>
> to verify the PBE used for the certificate and key.
>
> --
> Michael Wojcik
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230301/ee704a8c/attachment.htm>
More information about the openssl-users
mailing list