Microsoft Strong Cryptographic Provider is used as the default RSA full cryptographic service provider for Windows. When a X.509 certificate is produced, the default algorithm used is HmacPBESHA256. That algorithm is supported in Java 12 and up. Although, Boomi currently uses Java 8 and 11, which does not have support for that algorithm. To provide support for importing a certification the algorithm used must be changed. There are two ways to make the change. Both ways use OpenSSL as the tool. The first method uses Linux as the OS and the second method uses Windows.
The Linux method is easier because the openssl package is often already installed. If not, then doing a quick search for your distro will return an install method.
In the example below, we will run openssl to read the certification and then pipe it to write the certificate to a new file. The demo input file has the name cert-with-HmacPBESHA256.p12 and the demo output file is named cert-without-HmacPBESHA256.p12.
openssl pkcs12 -in "cert-with-HmacPBESHA256.p12" -nodes | openssl pkcs12 -export -out "cert-without-HmacPBESHA256.p12"The Windows method is a little more involved because you will need to install a Windows package manager (Chocolatey) and then use that to install openssl.
To install Chocolatey will we use the instructions from their website, although they have multiple ways of installing. The method outlined below can be found here: https://chocolatey.org/install#individual
First open up PowerShell as an Administrator. To do that, search for PowerShell and then right click to run a Administrator. Once open, type the following commands.
Get-ExecutionPolicyIf it returns Restricted, then run the following code. If not, then skip it.
Set-ExecutionPolicy AllSignedNext we will begin to install ChocolateyOnce complete, we will begin to install openssl. You will need to select ‘A’ to accept all packages.
choco install opensslRestart your computer once this is complete. After it has restarted, execute the command below. One common error with this command is that the command needed to have privileges to write to specific directories. If you see an error that says Permission denied, then move the read and write directories to another directory.
openssl pkcs12 -in 'C:\Boomi\cert-with-HmacPBESHA256.p12' -nodes | openssl pkcs12 -export -out 'C:\Boomi\cert-without-HmacPBESHA256.pfx'Article originally posted at Boomi Community.