If you are using HCL SafeLinx and you cannot access your websites using “HTTPS” and you see the following error in the HCL SafeLinx “wg.log” log file:
PKCS12_parse failed, return 587686001 (error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure
Then, most likely, either you are using the wrong password for the “P12” file, database where your SSL certificates reside, or your HCL SafeLinx Server is installed on Linux and the password for the “P12” file contains some special characters that need to be escaped. In my case, it was the later.
As a workaround I created a new “P12” file, with corresponding certificates, without using any special characters in a password. After that, I just restarted all HCL SafeLinx processes and everything was fine once again. I could access all configured sites via SafeLinx using HTTPS.
This issue occurred in HCL SafeLinx version 1.1.1 on Red Hat Linux.
I am having problems creating the correct P12 certificate. Can you please share the correct procedure for it? Thanx !!
LikeLiked by 1 person
Hello Remco,
I am usually using the following OpenSSL Command:
” openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile more.crt”
Where “certificate.pfx” or “certificate.p12” a new file (to be created) is.
With “-certfile” you can add additional Certificates in Chain. Here you should use a concatenated file including all Intermediates and Roots.
Let me know if that helps. 🙂
LikeLike