vcert
Unknown attribute with OID 1.3.6.1.4.1.311.17.2 error with getcred and client certificate
PROBLEM SUMMARY
Unable to obtain an access token using a client certificate stored in a Microsoft PFX
STEPS TO REPRODUCE
Use the VCert CLI to get a new token by providing a client certificate valid for authenticating with the TPP WebSDK:
vcert getcred -u https://tpp.venafi.example -p12-file client.pfx -p12-password qwerty123
EXPECTED RESULTS
No error and an access token returned.
ACTUAL RESULTS
Error converting PKCS#12 archive file to PEM blocks: pkcs12: unknown attribute with OID 1.3.6.1.4.1.311.17.2
COMMENTS/WORKAROUNDS
This is a known issue with the golang crypto library: https://github.com/golang/crypto/pull/104
The issue can be worked around by using OpenSSL to recreate the PKCS#12:
openssl pkcs12 -in client.pfx -passin pass:qwerty123 -nodes | openssl pkcs12 -export -out client.p12 -passout pass:qwerty123
Since this is due to an issue with Go itself, it will require 3rd party assistance. The attempt referenced by https://github.com/golang/crypto/pull/104 (i.e. https://go-review.googlesource.com/c/crypto/+/201457) was abandoned ☹️
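A pre-flight check for the attribute named in the error above, as an added example that is not VCert's or the Go crypto library's code. The names `containsOID`, `preflight` and `sample` are hypothetical; it assumes a DER-encoded archive whose key bag attributes sit outside the encrypted content, so a clean result does not prove the attribute is absent.

```go
package main

import (
	"encoding/asn1"
	"fmt"
)

var oidLocalKeySet = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 17, 2} // OID from the error message
var oidFriendlyName = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 20} // PKCS#9 friendlyName

// containsOID walks DER depth-first, descending into constructed values and
// OCTET STRINGs. Bytes that do not parse as DER (encrypted keys) are skipped.
func containsOID(der []byte, target asn1.ObjectIdentifier) bool {
	for len(der) > 0 {
		var v asn1.RawValue
		rest, err := asn1.Unmarshal(der, &v)
		if err != nil {
			return false
		}
		universal := v.Class == asn1.ClassUniversal
		if universal && v.Tag == asn1.TagOID {
			var oid asn1.ObjectIdentifier
			if _, err := asn1.Unmarshal(v.FullBytes, &oid); err == nil && oid.Equal(target) {
				return true
			}
		} else if (v.IsCompound || universal && v.Tag == asn1.TagOctetString) && containsOID(v.Bytes, target) {
			return true
		}
		der = rest
	}
	return false
}

// preflight (hypothetical helper) fails early with an actionable message.
func preflight(p12 []byte) error {
	if containsOID(p12, oidLocalKeySet) {
		return fmt.Errorf("PKCS#12 has bag attribute %s; re-export it with OpenSSL first", oidLocalKeySet)
	}
	return nil
}

// sample builds constructed test bytes: SEQUENCE{OCTET STRING, OCTET STRING{SEQUENCE{OID}}}.
func sample(id asn1.ObjectIdentifier) []byte {
	inner, _ := asn1.Marshal([]asn1.ObjectIdentifier{id})
	outer, _ := asn1.Marshal([][]byte{{0xde, 0xad, 0xbe, 0xef}, inner})
	return outer
}

func main() { fmt.Println(preflight(sample(oidLocalKeySet)), preflight(sample(oidFriendlyName))) }
```
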