Hi Alaa,
are you using ca-side key generation so are you importing a container with private key to windows?
If so: Microsoft added support for AES256-SHA256 encryption on containers with Server 2019. Older versions are just supporting 3DES-SHA1. As openSSL switched to AES256 as default some time ago, this can lead to problems when importing certificates to older windows versions. Common error message is something about wrong password.
There is a workaround on windows side by convertig the container. Be aware that there is a reason for the change from 3DES to AES - not even talking about the use of a outdated window version 😉 .
https://learn.microsoft.com/en-us/answers/questions/995232/password-incorrect-when-import-certificate-on-serv
Maybe someone on this list can give a hint about changing container encryption options if this is the reason for your problem.
Regards
Simon
Alaa Hilal schrieb am 09.12.2024 11:26 (GMT +01:00):
Hello,
I have setup zabbix installation, where the connection is encrypted using certificates generated by our PKIs (which is managed by openxpki).In general, in normal cases every thing is working well.We are facing a problem, with one of our machines that is running with old OS (windows server 2008). I think the cyphers supported by this version of windows are do not include the ones that are used by openxpki. Is there a way to create for example a new profile that would generate certificates with older ciphering methods (I know this is not very secure but we have an exception for this server)Regards,Alaa
_______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
