Venafi / vcert

Go client SDK and command line utility designed to simplify integrations by automating key generation and certificate enrollment using Venafi machine identity services.
https://support.venafi.com/hc/en-us/articles/217991528
Apache License 2.0

Legacyp12 playbook #464

Closed Pmaraveyias closed 3 months ago

Pmaraveyias commented 3 months ago

Addresses Issue #431. Allows the use of legacy p12 as an option in playbooks, but must be specifically chosen.

BeardedPrincess commented 3 months ago

I added a PR to update the playbook readme as well: #465

BeardedPrincess commented 3 months ago

Validated using Windows Server 2016 and the useLegacyPkcs12 flag in CAPI installation playbook worked. Also verified it's still broken if that flag is absent or set to false.

Additionally, tested both toggles true and false with an installation type of PKCS12. Worked as expected, based on openssl results:

useLegacyPkcs12: true:

MAC: sha1, Iteration 1
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Certificate bag
Certificate bag
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048