In the event of an expiring trust chain due to a cross signed root or intermediate, you may have an expiring chain installed and need to replace it (like with the AddTrust root expiration) with Sectigo. To update the trust chain for a given alias in a pkcs12 keystore...
Similar to #11672, PKCS12_create as per https://www.openssl.org/docs/manmaster/man3/PKCS12_create.html says The parameters nid_key, nid_cert, iter, mac_iter and keytype can all be set to zero and sensible defaults will be used. These defaults are: 40 bit RC2 encryption for certificates, triple DES e...
Create a PFX/P12 file with only certificates ("other_certificates"). Try to parse the file or run the export again over the same file. openssl_pkcs12: path: "{{ truststore_path }}" name: truststore other_certificates: "{{ cacert_path }}"
Summary --- Transition the default keystore type from JKS to [PKCS12][pkcs12]. [pkcs12]: https://en.wikipedia.org/wiki/PKCS_12 Goals --- - Improve security. PKCS12 offers stronger cryptographic algorithms than JKS. - Maintain forward and backward compatibility. Applications that access JKS...
PKCS12_init, PKCS12_init_ex - Create a new empty PKCS#12 structure SYNOPSIS #include <openssl/pkcs12.h> PKCS12 *PKCS12_init(int mode); PKCS12 *PKCS12_init_ex(int mode, OSSL_LIB_CTX *ctx, const char *propq); DESCRIPTION PKCS12_init() creates an empty PKCS#12 structure. Any ...
So using a PKI with the structure root->intermediate->leaf and using a CA like step-ca it will make sense to create pkcs#12 certificate like: step ca certificate mariano@smallstep.com mariano.crt mariano.key step certificate p12 mariano.crt mariano.key --ca $(step path)/certs/root_ca....
Message="The specified PKCS#12 X.509 certificate content can not be read. Please check if certificate is in valid PKCS#12 format." Happy to try out the TF logging, if someone can give me pointers on how to set it up. TF_LOG=TRACE did not work for me. vermegi commented Oct...