I’m getting the error Error message "error:0308010C:digital envelope routines::unsupported" when trying to open a .pfx file:
$result = openssl_pkcs12_read($content, $certdata, $pass);
$error = openssl_error_string(); // "error:0308010C:digital envelope routines::unsupported"
In terminal (Ubuntu 22.04):
user@user-tp:~$ php -i | grep -i openssl
SSL Version => OpenSSL/3.0.2
libSSH Version => libssh/0.9.6/openssl/zlib
openssl
OpenSSL support => enabled
OpenSSL Library Version => OpenSSL 3.0.2 15 Mar 2022
OpenSSL Header Version => OpenSSL 3.0.2 15 Mar 2022
Openssl default config => /usr/lib/ssl/openssl.cnf
openssl.cafile => no value => no value
openssl.capath => no value => no value
Native OpenSSL support => enabled
If I try to open the file in terminal I get the same error:
openssl pkcs12 -in file.pfx -nodes
But if I use the -legacy param it works fine.
How can I use it in PHP without errors?
3
Answers
I had the same issue, which was due to OpenSSL upgraded to version 3 in Ubuntu 22.04. The issue occured on Google Calendar API integration using P12 file.
I tried downgrading it to OpenSSL 1.1 (changing the app itself was not an option), but unsuccessfully.
At last the solution was to redeploy my app on a new server with Ubuntu 20.04… worked out of the box.
You can enable legacy option for Openssl 3:
Find and open the file at
/etc/ssl/openssl.cnfAt the
[default_sect]section change it to the following:Then find the
[provider_sect]and change it to the following:After this save the file and restart your PHP application and it should work fine.
You can handle Marcelo’s solution in few commands (e.g. for Docker building image purpose):
Btw. more info about default and legacy providers you can find on the OpenSSL wiki