Generating PFX with 3DES
Michael Wojcik
Michael.Wojcik at microfocus.com
Tue Feb 28 18:06:29 UTC 2023
> From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of Newbie User
> Sent: Tuesday, 28 February, 2023 10:22
> I was trying to generate a PFX file from cert.pem and key.pem, however it seems that default OpenSSL
> still using RC2 for PKCS7 data type.
Specify a different PBE for the certificate with the -certpbe option. For example:
$ openssl pkcs12 -export -inkey key.pem -in cert.pem -certpbe PBE-SHA1-3DES -out output.pfx
("PFX" is an archaic format which has been superseded by PKCS#12, so personally I eschew that file suffix, but it really doesn't matter.) This works for me using OpenSSL 3.0.8.
You can use
$ openssl pkcs12 -in output.pfx -info -noout
to verify the PBE used for the certificate and key.
--
Michael Wojcik
More information about the openssl-users
mailing list