Venafi / vcert

Go client SDK and command line utility designed to simplify integrations by automating key generation and certificate enrollment using Venafi machine identity services.
https://support.venafi.com/hc/en-us/articles/217991528
Apache License 2.0

Add vcert cli playbook option to specify alternate (legacy) key formats for PKCS12 #463

Closed BeardedPrincess closed 3 months ago

BeardedPrincess commented 3 months ago

BUSINESS PROBLEM: Windows Server 2016 and older (and probably other older non-Windows OSes) do not (and will not) support the modern PKCS12 encoding (AES-256-CBC). This makes using vcert playbooks on these operating systems unusable. This goes for both P12 and CAPI installation types.

PROPOSED SOLUTION: Add an installation option in the playbook definition that allows for legacy encoding to take place when doing PEM, PKCS12, or CAPI installations.

CURRENT ALTERNATIVES: The workaround now is to specify a PEM installation, then use OpenSSL to convert and downgrade to these legacy formats that Windows can use/import.

VENAFI EXPERIENCE: Longer than most, not as long as some. Director 5?
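
The OpenSSL conversion step of the workaround described in the issue above, as an added example that is not part of the original thread and not vcert's own code. The function names, file names, the 3DES/SHA-1 PBE choice and `-macalg sha1` are assumptions (the issue does not name the legacy algorithms); the key and certificate are constructed throwaway samples.

```shell
#!/bin/sh
# Added example, not vcert code. Names and algorithm choices are assumptions.
# Passphrases use OpenSSL source syntax (env:VAR, file:PATH), keeping them off argv.

# to_legacy_p12 KEY_PEM CERT_PEM OUT_P12 PASS_SOURCE
# Re-encodes a PEM key and certificate with 3DES/SHA-1 PBE and a SHA-1 MAC
# instead of the AES-256-CBC encoding the issue describes.
to_legacy_p12() {
    openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" \
        -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1 \
        -passout "$4"
}

# p12_algorithms P12 PASS_SOURCE
# Prints the MAC and bag-encryption lines (openssl writes them to stderr).
p12_algorithms() {
    openssl pkcs12 -info -in "$1" -passin "$2" -noout 2>&1 |
        grep -E '^(MAC:|PKCS7 Encrypted data:|Shrouded Keybag:)'
}

# is_legacy_p12 P12 PASS_SOURCE
# Succeeds only when the certificate bag and the key bag both use 3DES
# and no bag uses PBES2 (the AES-based scheme).
is_legacy_p12() {
    algs=$(p12_algorithms "$1" "$2") || return 1
    if printf '%s\n' "$algs" | grep -q 'PBES2'; then return 1; fi
    n=$(printf '%s\n' "$algs" | grep -c 'pbeWithSHA1And3-KeyTripleDES-CBC' || true)
    [ "$n" -eq 2 ]
}

# demo: constructed throwaway key and self-signed certificate, converted and checked.
demo() {
    tmp=$(mktemp -d) || return 1
    P12_PASS='constructed-passphrase'; export P12_PASS
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=constructed.example' \
        -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null &&
        to_legacy_p12 "$tmp/key.pem" "$tmp/cert.pem" "$tmp/legacy.pfx" env:P12_PASS &&
        p12_algorithms "$tmp/legacy.pfx" env:P12_PASS &&
        is_legacy_p12 "$tmp/legacy.pfx" env:P12_PASS
    rc=$?
    rm -rf "$tmp"
    return $rc
}

if [ "${1:-}" = "demo" ]; then demo; fi
```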

luispresuelVenafi commented 3 months ago

Wonder if duplicate of: https://github.com/Venafi/vcert/issues/431

BeardedPrincess commented 3 months ago

Ahh.. yes. It seemed different because we found this in a weird way through the CAPI installations. I'll add a comment and close this one.