Overview

When using the OpenSSL functions in PHP, the hard work is done by the OpenSSL libraries in the background. With version 3, some outdated cryptography was dropped. This may cause problems if you need to work with certain older certificates.

You might run into errors like this:

OpenSSL error: error:0308010C:digital envelope routines::unsupported

To solve this, you can either repack the certificate like this:

openssl pkcs12 -legacy -in key.p12 -nodes -out key_decrypted.tmp
openssl pkcs12 -in key_decrypted.tmp -export -out key_new.p12

or (if that is not feasible), enable the legacy providers. There is no way to do that in PHP itself, though, so some trickery is needed. Read on…
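The repack shown above can also be run as one script that never leaves the decrypted private key behind. This is an added example, not part of the original page. It assumes the passphrase is supplied in an exported environment variable, here given the hypothetical name P12_PASS, and repack_p12 is a name made up for illustration.

```shell
#!/bin/sh
# Added example: repack a legacy PKCS#12 file with OpenSSL 3.
# Assumption: P12_PASS (hypothetical name) is exported and holds the
# passphrase used for both the old and the new file.

repack_p12() (
    in=$1
    out=$2
    umask 077                       # files created here are owner-only
    tmpdir=$(mktemp -d) || exit 1   # private directory for intermediates
    pem=$tmpdir/key_decrypted.tmp   # -nodes writes the key UNENCRYPTED here
    new=$tmpdir/key_new.p12
    rc=1

    # 1. decrypt with the legacy provider
    # 2. export again with the current default algorithms
    # 3. check that the result opens WITHOUT -legacy
    # 4. only then move it to its final place
    if openssl pkcs12 -legacy -in "$in" -nodes -out "$pem" -passin env:P12_PASS &&
       openssl pkcs12 -in "$pem" -export -out "$new" -passout env:P12_PASS &&
       openssl pkcs12 -in "$new" -noout -passin env:P12_PASS &&
       mv "$new" "$out"
    then
        rc=0
    fi

    rm -rf "$tmpdir"                # always remove the decrypted key
    exit "$rc"
)

# Run the repack when called as: script.sh key.p12 key_new.p12
if [ "$#" -eq 2 ]; then
    repack_p12 "$1" "$2"
fi
```

The function returns non-zero and writes no output file if any step fails, so a deploy script can stop before shipping a bundle that PHP still cannot read.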

How to enable legacy providers

You need two things: a configuration file and an environment variable. First, the file. Decide on a place in your project; the root is fine. Now create a file, e.g. named legacy-openssl.cnf, and put this into it:

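# Point OpenSSL at the section below; without this line the provider settings are never read.
openssl_conf = openssl_init

[openssl_init]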
providers = provider_sect

[provider_sect]
default = default_sect
legacy = legacy_sect

[default_sect]
activate = 1

[legacy_sect]
activate = 1

Now create an instance variable in your project. It must be named OPENSSL_CONF and its value must be the absolute path to the file you created above. If you put it into your project root, that would then be /application/legacy-openssl.cnf.

Now deploy to have the file and the variable available, and your OpenSSL code should work again.