With OpenSSL 3, certain encryption algorithms have been deprecated or removed to prioritize stronger security measures and streamline the library’s codebase.
OpenSSL::PKCS12::PKCS12Error (PKCS12_parse: unsupported (Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()))
This error message indicates that your .p12 file uses a legacy algorithm not supported by OpenSSL 3.0. Follow these steps to convert your certificate to the new format compatible with the latest OpenSSL version.
Make a temporary copy of your PKCS12 certificate file. Replace CERTIFICATE_FILE_NAME with the actual name of the file.
cp CERTIFICATE_FILE_NAME.p12 temp_certificate.p12
Convert the temp_certificate.p12 file from PKCS12 format to a temp_certificate.pem file in PEM format without encrypting the private key in the output file. Replace CERTIFICATE_PASSWORD with the actual password of the certificate.
openssl pkcs12 -legacy -in temp_certificate.p12 -out temp_certificate.pem -nodes -passin pass:CERTIFICATE_PASSWORD
Extract the private key from the temp_certificate.p12 file in PKCS12 format and store it in the temp_certificate.key file. The private key in the output file will be encrypted.
openssl pkcs12 -legacy -in temp_certificate.p12 -nocerts -out temp_certificate.key -passin pass:CERTIFICATE_PASSWORD -passout pass:'CERTIFICATE_PASSWORD'
Generate a new new_certificate.p12 file in PKCS12 format based on the private key from the temp_certificate.key file and the certificate from the temp_certificate.pem file.
openssl pkcs12 -export -out new_certificate.p12 -inkey temp_certificate.key -in temp_certificate.pem -passin pass:CERTIFICATE_PASSWORD -passout pass:CERTIFICATE_PASSWORD
Remove the temporary files; temp_certificate.pem contains the unencrypted private key.
rm -rf temp_certificate.p12 temp_certificate.pem temp_certificate.key
Done! Your certificate is now ready and named new_certificate.p12. You can use it for document signing.
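To confirm that the converted file no longer depends on a legacy algorithm, the following added example (not part of the original page) classifies the text printed by `openssl pkcs12 -info -noout`. The function names, the P12_PASS environment variable and the sample outputs are assumptions made for this example; the samples are constructed, not captured from a real certificate.

```shell
#!/bin/sh
# Added example, not part of the original page.
# p12_needs_legacy reads the text printed by `openssl pkcs12 -info -noout`
# on stdin and prints every encrypted bag whose PBE scheme uses RC2, RC4 or
# single DES, ciphers that OpenSSL 3 only offers through the legacy provider.
# Exit status: 0 = none found, 1 = legacy scheme found, 2 = no bag lines seen.
p12_needs_legacy() {
    awk '
        /^(PKCS7 Encrypted data|Shrouded Keybag):/ {
            seen = 1
            if ($0 ~ /RC2|RC4|AndDES-CBC/) { print "legacy: " $0; bad = 1 }
        }
        END { if (!seen) exit 2; exit bad + 0 }'
}

# check_p12 FILE: run the classifier on a real file. The password is read from
# the environment variable P12_PASS (a name assumed for this example), so it
# does not appear in the process list or shell history.
check_p12() {
    openssl pkcs12 -legacy -info -noout -in "$1" -passin env:P12_PASS 2>&1 |
        p12_needs_legacy
}

# Constructed samples modelled on the command's output for an old and a
# converted file (not captured from a real certificate).
LEGACY_SAMPLE='MAC: sha1, Iteration 2048
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048'
MODERN_SAMPLE='MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Certificate bag
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256'

# Demonstration on the constructed samples.
printf '%s\n' "$LEGACY_SAMPLE" | p12_needs_legacy || echo "-> still needs -legacy"
printf '%s\n' "$MODERN_SAMPLE" | p12_needs_legacy && echo "-> loads with the default provider"
```

With P12_PASS exported, `check_p12 new_certificate.p12` should exit with status 0 and print nothing once the conversion has succeeded.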