I have read 25 different posts on how to install a certificate into FileZilla Server, so I'm here out of last resort. Using the documentation I used last time I went through this.....
I have an exported PFX file (and password) from a wildcard certificate from a Windows machine. I have OpenSSL (full) installed from http://slproweb.com/products/Win32OpenSSL.html. These are the commands I'm attempting to run:
openssl pkcs12 -in 20211214.pfx -nocerts -nodes -passin pass:<password> | openssl rsa -out 20211214.pem
openssl pkcs12 -in 20211214.pfx -clcerts -nokeys -passin pass:<password> -out 20211214.crt
Bombs at the first one but does create a file.
C:\certs>openssl pkcs12 -in 20211214.pfx -nocerts -nodes -passin pass:<password> | openssl rsa -out 20211214.pem
Error outputting keys and certificates
AC080000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto\evp\evp_fetch.c:349:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
writing RSA key
Same when I try this
C:\certs>openssl pkcs12 -in 20211214.pfx -out 20211214.pem -nodes
Enter Import Password:
Error outputting keys and certificates
BC060000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto\evp\evp_fetch.c:349:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
What am I missing here?
Trying to put in new cert - keep getting errors
Moderator: Project members
Re: Trying to put in new cert - keep getting errors
It looks like that file is encrypted with RC2-40-CBC, which OpenSSL doesn't support.
It's an extremely outdated and insecure algorithm with a minuscule key size, it's not supported by your version of OpenSSL.
Personally I've always GnuTLS' certtool to transform key/certificate files between formats.
It's an extremely outdated and insecure algorithm with a minuscule key size, it's not supported by your version of OpenSSL.
Personally I've always GnuTLS' certtool to transform key/certificate files between formats.
Re: Trying to put in new cert - keep getting errors
Interesting. That is how Windows 2016 (Exchange 2016) exported the cert. Maybe I'll try importing on a newer Windows machine and then exporting again.