PROBLEM SUMMARY
When using a p12 certificate bundle generated using openssl with pretty much default values, the provider for Venafi fails with:
Failed to build config for Venafi issuer: failed converting PKCS#12 archive file to PEM blocks: pkcs12: unknown digest algorithm: 2.16.840.1.101.3.4.2.1
STEPS TO REPRODUCE
openssl req -newkey rsa:4096 -addext "extendedKeyUsage = clientAuth" -keyout certs/automation-gc.key -out certs/automation-gc.csr
.p12
TF_LOG=debug tf plan -out plan
EXPECTED RESULTS
That the plan works to exchange the cert for an access token and complete the required resource planning.
ACTUAL RESULTS
Screenshot in debug mode:
ENVIRONMENT DETAILS
Terraform v1.9.5
on darwin_arm64
+ provider registry.terraform.io/hashicorp/google v6.7.0
+ provider registry.terraform.io/venafi/venafi v0.21.1
Your version of Terraform is out of date! The latest version
is 1.9.8. You can update by downloading from https://www.terraform.io/downloads.html
COMMENTS/WORKAROUNDS
I found that if I did another p12 conversion from the same CA, Key and PEM Cert file, but this time using -legacy that the generated file did work:
# Recreate the pkcs12 with legacy option - changes algorithm
openssl pkcs12 -export -inkey certs/automation-gc.key -in certs/automation-gc.crt -certfile certs/cas.crt -out certs/automation-gc-legacy.p12 -legacy
When running plan with this, it does seem to work with the p12, but leads me to another issue / error:
Plan output:
Solution for this will be posted in a follow-up issue. Screenshot to show it is now past the pkcs12 file reading part.
We believe the issue to be here.
Switching to another library may work even if the same function is deprecated there too.