So I am trying to use this tool to get a certificate for my Plex server but I get the “[CERT] PKCS12_parse failed: error:0308010C:digital envelope routines::unsupported” error.
I have found similar issues and the solutions discuss a lack of support for the latest OpenSSL 3.x.x versions and require a legacy option on the command line and etc. The latest update in this document mentions what has to be done and this form thread on this site also appears to be on the same route.
How can I use the UI to complete such a task? Or would I need to use the scripting and run these commands after the fact to re-create the cert with the legacy options enabled?
It appears the 6.0 update broke this when they updated the security algorithms and such. (Also I am a beginner when it comes to understanding these certs and how they work)
Hi,
By default the modern algorithms should be disabled in the current version - were you previously using a beta version (5.9.x)? We later found that some older windows servers couldn’t use the modern settings either.
If you open C:\ProgramData\certify\appsettings.json in an editor is "UseModernPFXAlgs": false
? If true, set it back to false and re-request your certificate.
If it’s set to false already, it could be that the app doesn’t like the EC 256 private key type we now use by default, in which case edit Certificate > Advanced > Signing & Security and change the key type to RSA 2048, then request your certificate again.
Thank you for the response.
I did confirm it’s still false, I only started using the application Monday so I believe I’ve always been on 6.x and I believe I may have already tried that key type but I am rate limited now so I’ll have to wait to try again, I will update this thread when I do! Thanks!
1 Like
Sorry for the delay, finally got around to trying this again after rate limit, got the same error:
[CERT] PKCS12_parse failed: error:0308010C:digital envelope routines::unsupported
LMAO actually turning ON “UseModernPFXAlgs” and then all defaults fixed it!
Thanks for the help, never would have found that config file nor known what it did.
Sorry I don’t think I read your original post properly and I was just assuming there was a bug, not that the app actually needed the new PFX algorithms!