I'm setting up a new, local CA. The local openssl instance is openssl version OpenSSL 1.0.2h 3 May 2016 config'd/built with ... no-comp no-zlib no-zlib-dynamic \ enable-ec_nistp_64_gcc_128 \ enable-rfc3779 \ enable-ecdsa \ no-idea \ no-mdc2 \ no-rc2 \ no-rc5 \ no-ssl2 \ no-ssl3 \ no-weak-ssl-ciphers pkcs12 export, which worked a (long) while ago, now fails, openssl genrsa -des3 -aes256 -out test_CA.key 4096 openssl req -new -x509 -sha512 -days 365 -set_serial 01 -config ./openssl.cnf -subj "/C=US/ST=ST/L=CITY/O=example.com/OU=test_CA/emailAddress=ssl at example.com/CN=test_CA" \ -key test_CA.key \ -out test_CA.crt openssl pkcs12 -export \ -in test_CA.crt \ -inkey test_CA.key \ -out test_CA.p12 140199860266640:error:060740A0:digital envelope routines:EVP_PBE_CipherInit:unknown cipher:evp_pbe.c:181: 140199860266640:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error:p12_decr.c:87: 140199860266640:error:2306C067:PKCS12 routines:PKCS12_item_i2d_encrypt:encrypt error:p12_decr.c:188: 140199860266640:error:23073067:PKCS12 routines:PKCS12_pack_p7encdata:encrypt error:p12_add.c:213: Looks like the config above removed a required cipher? Perhaps too stringent ... What's the fix/workaround to get pkcs12 export working again?
