Hi,
I recently installed the newest OpenVPN client software, 2.6. This introduced some changes that prevented me from connecting to the OpenVPN server. It turns out that my client certificate is encrypted with an outdated 40BitRC2-CBC algorithm. I created this certificate with iManager (on an OES2018SP3 server) and the signature algorithm was RSA With SHA256, yet the exported pfx file contains a bag that is 40BitRC2-CBC.
openssl pkcs12 -in cert.pfx -info -noout
MAC: sha1, Iteration 1
MAC length: 20, salt length: 20
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2000
Certificate bag
Certificate bag
I am not an expert in certificates, but this sounds worrying. Is it possible to configure iManager or eDirectory not to use this deprecated 40BitRC2-CBC algorithm while creating the pfx file?
Regards,
Gellert
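
Added example, not part of the original post: a shell function that reads `openssl pkcs12 -info -noout` output and flags the legacy protection shown above. The finding labels, the pattern lists and the `MIN_ITER` floor are assumptions chosen for illustration; the second sample is constructed.

```shell
# Added example: audit `openssl pkcs12 -info -noout` output for legacy protection.
MIN_ITER=1000   # assumed floor for PBE/MAC iterations, not an official value

# Reads the -info text on stdin and prints one finding per line.
# Returns 0 when nothing is flagged, 1 otherwise.
audit_p12_info() {
    findings=$(awk -v min="$MIN_ITER" '
        function iter(line,    n) {   # number following the word "Iteration"
            n = line; sub(/.*Iteration +/, "", n); sub(/[^0-9].*/, "", n)
            return n + 0
        }
        /^ *MAC:/ {                   # integrity MAC over the whole file
            if ($0 ~ /md5|sha1/) print "WEAK-MAC: " $0
            if (iter($0) < min)  print "LOW-ITER: " $0
            next
        }
        /Shrouded Keybag:|PKCS7 Encrypted data:/ {   # key bag and certificate bags
            if ($0 ~ /40Bit|RC2|RC4/) print "WEAK-PBE: " $0
            else if ($0 ~ /DES/)      print "DATED-PBE: " $0
            if (iter($0) < min)       print "LOW-ITER: " $0
        }
    ')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# The output quoted in the post above.
sample_page_info() {
    cat <<'EOF'
MAC: sha1, Iteration 1
MAC length: 20, salt length: 20
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2000
Certificate bag
Certificate bag
EOF
}

# Constructed sample: what a file protected with AES and SHA-256 reports.
sample_modern_info() {
    cat <<'EOF'
MAC: sha256, Iteration 2048
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
EOF
}

sample_page_info | audit_p12_info || true
```

To check a real file, pipe the command's output into the function, e.g. `openssl pkcs12 -in cert.pfx -info -noout 2>&1 | audit_p12_info`; OpenSSL writes the `-info` lines to stderr.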