Thank you Michael, will check and verify. I also saw a keypbe option. Do we have any official docs for all these? Didn't see anything explained in OpenSSL docs for this.
Also, why isn't it 3DES by default, as RC2 was deprecated a long time back?
On Tue, Feb 28, 2023, 11:36 PM Michael Wojcik <Michael.Wojcik@xxxxxxxxxxxxxx> wrote:
> From: openssl-users <openssl-users-bounces@xxxxxxxxxxx> On Behalf Of Newbie User
> Sent: Tuesday, 28 February, 2023 10:22
> I was trying to generate a PFX file from cert.pem and key.pem, however it seems that default OpenSSL
> is still using RC2 for PKCS7 data type.
Specify a different PBE for the certificate with the -certpbe option. For example:
$ openssl pkcs12 -export -inkey key.pem -in cert.pem -certpbe PBE-SHA1-3DES -out output.pfx
("PFX" is an archaic format which has been superseded by PKCS#12, so personally I eschew that file suffix, but it really doesn't matter.) This works for me using OpenSSL 3.0.8.
You can use
$ openssl pkcs12 -in output.pfx -info -noout
to verify the PBE used for the certificate and key.
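
Added example, not part of the thread: a small shell check that reads the `-info` output of the verification command above and flags a certificate or key container still protected with RC2. The function names, exit codes and sample output lines are constructed for this example; flagging RC4 as well is an assumption of the example, not something the thread states.

```shell
#!/bin/sh
# Classify the PBE algorithms reported by `openssl pkcs12 -info -noout`.

# Reads `-info` output on stdin and prints one line per encrypted container.
# Exit status: 0 = no weak PBE, 1 = RC2/RC4 found, 2 = no PBE lines seen.
audit_p12_info() {
    awk -F': ' '
        /^(PKCS7 Encrypted data|Shrouded Keybag): / {
            split($2, f, ",")                       # f[1] is the PBE name
            part = ($1 == "Shrouded Keybag") ? "key" : "cert"
            weak = (f[1] ~ /RC2|RC4/)               # RC4: assumption of this example
            printf "%s %s %s\n", (weak ? "WEAK" : "ok"), part, f[1]
            if (weak) bad = 1
            seen++
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }
    '
}

# Runs the verification command from the message on a real file.
# $1 = PKCS#12 file, $2 = name of an environment variable holding its password.
# openssl prints the -info lines on stderr, hence the 2>&1.
audit_p12() {
    openssl pkcs12 -in "$1" -info -noout -passin "env:$2" 2>&1 | audit_p12_info
}

# Constructed sample: the kind of -info output a default export produces
# when the certificate is protected with 40-bit RC2.
SAMPLE_DEFAULT='MAC: sha1, Iteration 2048
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048'

# Constructed sample: the same file exported with -certpbe PBE-SHA1-3DES.
SAMPLE_3DES='MAC: sha1, Iteration 2048
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048'

printf '%s\n' "$SAMPLE_DEFAULT" | audit_p12_info ||
    echo "re-export with -certpbe PBE-SHA1-3DES"
```

On a real file, set the password in an environment variable and call `audit_p12 output.pfx VARNAME`.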