APIIDA API Gateway Manager
Unable to upload client certificate to use in node config
Symptom
When uploading a new P12 file to use as a client certificate in gateway connections, the error message “error:0308010C:digital envelope routines::unsupported” or “Wrong format or password?” is displayed.
Cause
The Broadcom Layer7 Policy Manager uses the encryption algorithm RC2-40-CBC when exporting private keys. This algorithm has been deprecated in OpenSSL v3 and moved to the legacy provider. Between releases 2022.2.1 and 2022.3.1 the API Gateway Manager did not support algorithms in the legacy provider, causing the error message when trying to use one of those algorithms.
The legacy provider has been enabled in 2022.3.2, however we do strongly recommend to only use up to date encryption algorithms.
Action
Export your private keys with an algorithm supported by OpenSSL v3 default provider
Update the API Gateway Manager to release 2022.3.2