Legacy PKCS12 no longer supported for playbooks

Venafi / vcert

Go client SDK and command line utility designed to simplify integrations by automating key generation and certificate enrollment using Venafi machine identity services.

https://support.venafi.com/hc/en-us/articles/217991528

Apache License 2.0

88 stars 64 forks source link

Legacy PKCS12 no longer supported for playbooks #431

Closed Pmaraveyias closed 4 months ago

Pmaraveyias commented 6 months ago

PROBLEM SUMMARY After adding the feature to modernize the PKCS12 algorithm, use cases which require legacy p12 are no longer working with playbooks. There is currently no option to use legacy p12 in a playbook.

STEPS TO REPRODUCE Request a certificate in a vcert playbook using p12 which requires legacy encryption

COMMENTS/WORKAROUNDS Currently the only workarounds are downgrading to 5.2 or not using the playbook functionality

BeardedPrincess commented 4 months ago

This is also affecting CAPI playbook installations on windows 2016 and earlier with a red-herring error message of "invalid password" blowing up the installer powershell script execution.

Pmaraveyias commented 4 months ago

Addressed by #464