On macOS I encountered this problem today while generating .pem file for using it with Apple Push Notification in my iOS app. openssl command as below used to work fine but this is a new PITA.

$ openssl pkcs12 -in Certificates.p12 -out cert.pem -nodes -clcerts

Enter Import Password:

Error outputting keys and certificates

0056B30B01000000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:342:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()

The Solution

It looks like I’m the first one to encountered this problem? Can’t find fucking solution after wasting time.

Will update if I come across any solution.

Update 1

Here is one solution I come up with while Googling. This seems to work as it doesn’t give any error and generates .pem file.

$ openssl pkcs12 -info -legacy -in Certificates.p12 -out cert.pem -nodes -clcerts

Enter Import Password:

MAC: sha1, Iteration 1

MAC length: 20, salt length: 8

PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048

Certificate bag

PKCS7 Data

Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048

While testing it with pusher app I got following error:

Connecting to APN… (com.....)
Unable to connect: SSL handshake invalid certificate chain

So looks like something wrong with the .pem file generation?

Ok gave up here, will try again later.