Issue
When running the Terraform script (independent of the cloud provider), the process halts with the following error:
Error: local-exec provisioner error with module.f5xc_azure_cloud_ce_three_node_single_nic_new_vnet_new_subnet.module.site_wait_for_online.terraform_data.check_site_status_cert[0], on ../../modules/f5xc/status/site/main.tf line 11, in resource "terraform_data" "check_site_status_cert": Error running command '../../modules/f5xc/status/site/scripts/check.sh https://<REDACTED>.console.ves.volterra.io/api/config/namespaces/system/sites/<REDACTED>?response_format=GET_RSP_FORMAT_DEFAULT ../../modules/f5xc/ce/azure/f5certificate.p12 <REDACTED> 3600 cert "<REDACTED>"': exit status 58. Output: Checking status using certificate
The issue seems to stem from the fact that the client certificate was generated with OpenSSL 1.x, while the machine where Terraform is executed uses OpenSSL 3.x.
OpenSSL 3.0.x no longer supports older/insecure algorithms by default. Certificates created with OpenSSL 1.x (using PKCS12 with 40-bit RC2) are incompatible with OpenSSL 3.x unless manually converted.
To resolve this, it was necessary to convert the certificate using the following command:
openssl pkcs12 -in old -nodes -provider legacy -provider default -out temp && openssl pkcs12 -in temp -export -out new
This process ensures the certificate works with OpenSSL 3.x.
Please consider adding this as a known issue in the documentation. Including the steps for converting the certificate for users running Terraform on systems with OpenSSL 3.x will help prevent similar issues.
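The conversion described above, as an added example that is not part of the original issue or the project's scripts: it checks the `openssl pkcs12 -info` output for a PBE scheme that OpenSSL 3.x only provides through the legacy provider, and re-encrypts the file without leaving the unencrypted intermediate key on disk. The function names, the `P12_PASS` environment variable and the sample lines are assumptions; the check goes slightly beyond the 40-bit RC2 case and also matches the other RC2/RC4 PKCS#12 schemes.

```shell
#!/bin/sh
# Added example. Function names and the P12_PASS variable are hypothetical.

# Reads `openssl pkcs12 -info -noout` output on stdin. Returns 0 if a bag is
# protected with an RC2/RC4 PBE scheme, which OpenSSL 3.x only offers through
# the legacy provider. 3DES and PBES2/AES bags do not match.
p12_info_is_legacy() {
    grep -Eq 'pbeWithSHA1And(40|128)BitRC[24]'
}

# Re-encrypts old.p12 into new.p12 using the OpenSSL 3.x default algorithms.
# Usage: P12_PASS='...' p12_convert old.p12 new.p12
# The password is passed via the environment so it does not appear in `ps`.
p12_convert() {
    old=$1
    new=$2
    # -info writes to stderr; both providers are loaded so the file can be read.
    info=$(openssl pkcs12 -info -noout -in "$old" -passin env:P12_PASS \
        -provider legacy -provider default 2>&1) || return 1
    if ! printf '%s\n' "$info" | p12_info_is_legacy; then
        echo "$old: no legacy PBE scheme found, nothing to convert" >&2
        return 0
    fi
    # The intermediate PEM holds the private key unencrypted (-nodes), so it
    # is created with owner-only permissions and always removed afterwards.
    tmp=$(umask 077; mktemp) || return 1
    openssl pkcs12 -in "$old" -passin env:P12_PASS -nodes \
        -provider legacy -provider default -out "$tmp" &&
        openssl pkcs12 -in "$tmp" -export -passout env:P12_PASS -out "$new"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed samples of the line `-info` prints for the certificate bag:
# a file written with OpenSSL 1.x defaults and one written with 3.x defaults.
SAMPLE_LEGACY='PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048'
SAMPLE_MODERN='PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256'

# Run the conversion only when called with two file arguments.
if [ "$#" -eq 2 ]; then
    p12_convert "$1" "$2"
fi
```

After converting, running `openssl pkcs12 -info -noout` on the new file without `-provider legacy` should succeed and list PBES2 rather than RC2.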