Hi Alaa,
if you used server side key generation, just choose "PKCS12 Legacy" as
Format when exporting the container. This generate the container with
legacy algorithms that should work with old Windows versions. If this
option does not show up, update your configuration (see
config.d/realm/democa/workflow/global/field/key_format.yaml).
If the certificate import is not your problem then its likely an
incompatibility between your zabbix server and agent - AFAIR the recent
zabbix version to no longer support old TLS ciphers so the problem is
not the cert but the TLS connection.
Oliver
On 09.12.24 12:35, sr_...@ductit.de wrote:
Hi Alaa,
are you using ca-side key generation so are you importing a container
with private key to windows?
If so: Microsoft added support for AES256-SHA256 encryption on
containers with Server 2019. Older versions are just supporting
3DES-SHA1. As openSSL switched to AES256 as default some time ago,
this can lead to problems when importing certificates to older windows
versions. Common error message is something about wrong password.
There is a workaround on windows side by convertig the container. Be
aware that there is a reason for the change from 3DES to AES - not
even talking about the use of a outdated window version đ .
https://learn.microsoft.com/en-us/answers/questions/995232/password-incorrect-when-import-certificate-on-serv
Maybe someone on this list can give a hint about changing container
encryption options if this is the reason for your problem.
Regards
Simon
Alaa Hilal schrieb am 09.12.2024 11:26 (GMT +01:00):
Hello,
I have setup zabbix installation, where the connection is
encrypted using certificates generated by our PKIs (which is
managed by openxpki).
In general, in normal cases every thing is working well.
We are facing a problem, with one of our machines that is running
with old OS (windows server 2008). I think the cyphers supported
by this version of windows are do not include the ones that are
used by openxpki. Is there a way to create for example a new
profile that would generate certificates with older ciphering
methods (I know this is not very secure but we have an exception
for this server)
Regards,
Alaa
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
