OpenSSL legacy provider module download
-
Hello,
I used to generate a pkcs12 to use with a cisco router with this command after updating acme certs: "openssl pkcs12 -export -in /cf/conf/acme/cisco.crt -inkey /cf/conf/acme/cisco.key -certfile /cf/conf/acme/cisco.ca -out /tftpboot/cisco.p12 -passout pass:12345", then ingesting it with this command on the cisco: "crypto ca import nomadmd-cert pkcs12 tftp://pfsenseip/cisco.p12 password 12345". Everything worked well until the openssl update. Some googling brought up the solution of using the "-legacy" option. However, that option requires provider modules to be available, which do not seem to have been included in the current pfsense build. Are there prebuilt binaries for freebsd I could add to pfsense to be able to generate a pkcs12 that the cisco router could understand?
Thank you
-
@nomadmd you can just use an older version of openssl on any other box, windows linux other bsd, etc that has legacy as an option. Prob do it in a docker..
-
@johnpoz So your answer is that this is not possible to do on the pfsense box, correct?
-
@nomadmd I sure wouldn't load an old version of openssl on pfsense.. it would overwrite the existing current deployment.. Which could break stuff..
Just run it on anything - you can run openssl on your windows pc.. Which you prob have no use for other than running commands like you posted.
-
OK I am an idiot. The "-legacy" option works perfectly well on pfsense, generating a certificate cisco understands. However, when testing different options I was running openssl as root, generating a file with no read permissions for users other than root. chmod a+r /tftpboot/cisco.p12 allowed the file to be downloaded by cisco.
-
@nomadmd glad you got it sorted..
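
The fix the thread arrived at (export with "-legacy", then make the file readable for the TFTP download), written as a small script. This is an added example, not code from any poster in the thread; the function names and the P12_PASS environment variable are assumptions, and the paths are the ones quoted in the first post.

```shell
#!/bin/sh
# Added example. Function names and P12_PASS are hypothetical;
# file paths are the ones from the thread.

# Export cert + key + chain as PKCS#12 with the pre-3.0 algorithms (-legacy).
# The passphrase comes from the exported variable P12_PASS (env:), so it does
# not show up in the process list the way "pass:..." does.
export_legacy_p12() {
    crt=$1; key=$2; ca=$3; out=$4
    [ -n "${P12_PASS:-}" ] || { echo "export P12_PASS first" >&2; return 1; }
    openssl pkcs12 -export -legacy \
        -in "$crt" -inkey "$key" -certfile "$ca" \
        -out "$out" -passout env:P12_PASS
}

# True if "other" has read permission on the file, which is what a TFTP
# daemon running as an unprivileged user needs. find -perm is used because
# stat(1) flags differ between FreeBSD and Linux.
other_can_read() {
    [ -n "$(find "$1" -perm -004 2>/dev/null)" ]
}

# Make the bundle downloadable: read for everyone, write for the owner only.
publish_for_tftp() {
    chmod 0644 "$1" && other_can_read "$1"
}

# Delete the bundle after the router has imported it; it contains the
# private key and should not stay in a world-readable TFTP directory.
retire_p12() {
    rm -f "$1"
}

# Run with the argument "run" to perform the export and publish steps.
if [ "${1:-}" = "run" ]; then
    export_legacy_p12 /cf/conf/acme/cisco.crt /cf/conf/acme/cisco.key \
        /cf/conf/acme/cisco.ca /tftpboot/cisco.p12 &&
    publish_for_tftp /tftpboot/cisco.p12
fi
```

Call retire_p12 /tftpboot/cisco.p12 once the "crypto ca import" on the router has completed.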