Open haijunsu opened 2 years ago
Hi @haijunsu, could you double check if you can also reproduce this issue in our latest stable release (2022.5.0)?
We had a similar issue (#4543) a while back related to one of the dependencies we use (node-libcurl) and it might have something to do with the PKCS12 file being in a format not supported by recent curl/node-libcurl versions (other different example).
Hi @filfreire, I tried the latest stable release (2022.5.0) first and it didn't work. Then I tried every stable version backward until I found the version 2021.7.2 which worked.
Hi @filfreire, I think I have the same issue as the example. My certificate does have the information PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048. Since the certificate was generated by the security team and is protected by a password and PEM pass phrase, I cannot convert it to the new format to verify the result.
@johnwchadwick looking for your expertise on this: any ideas if there is something we can do on our side, maybe on node-libcurl so that this kind of legacy certificates/encryption would be supported in the future, or not really feasible in long term for us to try and accommodate for?
Support for the RC2 cipher was moved into the OpenSSL legacy module in OpenSSL 3.x; I believe enabling this module would resolve the problem. It's something we'll have to look into.
What is the workaround? Same problem here.
The Windows and Linux versions do NOT support using PFX, only a CRT File (Cert) together with a Key File. The Key File has to be in PEM format.
I had exactly the same issue on my Windows computer using Windows 10 and Insomnia 2022.6.0.
Here is the documentation that states that PFX is not supported: https://docs.insomnia.rest/insomnia/client-certificates
It is mentioned twice on this help page.
The procedure to extract the crt-file and key-file is:
Use an openssl prior to openssl 3.x or it will throw an error due to the older insecure PFX-format that is not supported.
I used my Git Bash commandline which has OpenSSL 1.1.1q:
winpty openssl pkcs12 -in the-pfx-file.pfx -clcerts -nokeys -out the-crt-file.crt
winpty openssl pkcs12 -in the-pfx-file.pfx -nocerts -out the-key-file.key
winpty openssl rsa -in the-key-file.key -outform PEM -out the-pem-key-file.pem
(the winpty is used only in the Git Bash because the openssl command will freeze if not used. If you use openssl command in other shells it might not be necessary to prefix the openssl command with winpty).
the-crt-file.crt is obviously the crt/cert file to point to and the-pem-key-file.pem is the key-file to point to. The the-key-file.key is not necessary for Insomnia.
Support for the RC2 cipher was moved into the OpenSSL legacy module in OpenSSL 3.x; I believe enabling this module would resolve the problem. It's something we'll have to look into.
Thanks for this, this got me to the answer - I just needed to add the -legacy command line option to make it work.
Thanks for the tips. Combining these 2 answers, this is what is working for me on Mac:
openssl pkcs12 -in cert.pfx -clcerts -nokeys -out the-crt-file.crt -legacy && \
openssl pkcs12 -in cert.pfx -nocerts -out the-key-file.key -legacy && \
openssl rsa -in the-key-file.key -outform PEM -out the-pem-key-file.pem
Thanks @dmytrokosiachenko and @petter-veni. Let's put their solutions together here.
For Windows
winpty openssl pkcs12 -in the-pfx-file.pfx -clcerts -nokeys -out the-crt-file.crt
winpty openssl pkcs12 -in the-pfx-file.pfx -nocerts -out the-key-file.key
winpty openssl rsa -in the-key-file.key -outform PEM -out the-pem-key-file.pem
For Mac
openssl pkcs12 -in cert.pfx -clcerts -nokeys -out the-crt-file.crt -legacy && \
openssl pkcs12 -in cert.pfx -nocerts -out the-key-file.key -legacy && \
openssl rsa -in the-key-file.key -outform PEM -out the-pem-key-file.pem
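An added example, not from any commenter or the Insomnia project: a shell helper that decides from the `openssl pkcs12 -info -noout` text whether `-legacy` is needed, then runs the thread's three extraction steps with owner-only file permissions and without leaving the intermediate key file behind. The function names, file arguments and the `SAMPLE` variable are placeholders chosen for this sketch; the sample line is the one quoted earlier in the thread.

```shell
#!/bin/sh
# Added example. Function and file names are placeholders, not Insomnia's.

# Read `openssl pkcs12 -info -noout` text on stdin; print "legacy" when a
# PBE scheme built on RC2 or RC4 appears (both live in OpenSSL 3.x's legacy
# provider), otherwise "modern".
pfx_classify() {
    if grep -Eq 'pbeWithSHA1And(40|128)BitRC[24]'; then
        echo legacy
    else
        echo modern
    fi
}

# Pick the extra option for this openssl build: -legacy exists only in 3.x.
# $1 = `openssl version` string, $2 = result of pfx_classify.
legacy_flag() {
    case "$1:$2" in
        "OpenSSL 3."*:legacy) printf '%s\n' "-legacy" ;;
        *) printf '' ;;
    esac
}

# Run the thread's three extraction steps. Prompts for the import password
# and PEM pass phrase on the terminal, as the original commands do.
# $1 = input PFX, $2 = output certificate, $3 = output PEM key.
pfx_to_pem() {
    pfx=$1 crt=$2 pem_key=$3
    # The algorithm line is printed even when decryption then fails.
    info=$(openssl pkcs12 -in "$pfx" -info -noout 2>&1 || true)
    flag=$(legacy_flag "$(openssl version)" "$(printf '%s\n' "$info" | pfx_classify)")
    (
        umask 077                       # key files readable by owner only
        tmp_key=$(mktemp) || exit 1
        trap 'rm -f "$tmp_key"' EXIT    # drop the intermediate key file
        # $flag is left unquoted so an empty value adds no argument.
        openssl pkcs12 -in "$pfx" -clcerts -nokeys -out "$crt" $flag &&
        openssl pkcs12 -in "$pfx" -nocerts -out "$tmp_key" $flag &&
        openssl rsa -in "$tmp_key" -outform PEM -out "$pem_key"
    )
}

# Constructed sample: the algorithm line quoted earlier in the thread.
SAMPLE='PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048'
```

The final `openssl rsa` step writes the private key unencrypted, which is why the sketch sets `umask 077` before creating it.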
I have found a good solution to this problem. Install the PFX format certificate through Windows, then export the certificate containing the key. Choose AES256 for the encryption method of export, and export the relevant certificate using OpenSSL.
Reopening, this could be interesting to try to solve again
Expected Behavior
Return response body without errors
Actual Behavior
Cannot connect to the server because there is an error while parsing the PKCS12 file.
Reproduction Steps
Is there an existing issue for this?
Additional Information
Timeline logs:
Insomnia Version
2022.1.1 and newer versions
What operating system are you using?
Environment: Windows 10 21H2
Installation method
Download from website and click the executable file.
Last known Working Insomnia version
2021.7.2