Description
PROBLEM SUMMARY
Unable to use vcert getcred to generate new token.
My new p12 file was generated using the Java keytool, and I guess vcert does not know how to handle it, based on the error I get.
My old p12 file was generated on Windows.
I can use CURL to request a token using the same p12 file, so my file is not the problem.
STEPS TO REPRODUCE
How I generated my p12 file:
keytool -genkey \
-alias cba_cert \
-validity 180 \
-keyalg RSA \
-keysize 2048 \
-keystore certfile.pfx \
-dname "REDACTED"
I then had the certificate signed by our CLM instance and imported it back into the file.
./vcert getcred -u https://clm-api.com --p12-file certfile.pfx --p12-password secret --client-id MyID --scope "certificate:manage" --format json
Error converting PKCS#12 archive file to PEM blocks: pkcs12: unknown digest algorithm: 2.16.840.1.101.3.4.2.1
EXPECTED RESULTS
{
"access_token": "REDACTED==",
"expires_in": 1296000,
"expires": 1672933356,
"token_type": "Bearer",
"scope": "certificate:manage",
"identity": "local:{REDACTED}",
"refresh_until": 1672933356
}
ACTUAL RESULTS
Error converting PKCS#12 archive file to PEM blocks: pkcs12: unknown digest algorithm: 2.16.840.1.101.3.4.2.1
ENVIRONMENT DETAILS
Tried vcert versions v4.23.0 & v4.20.0, same error.
java --version
openjdk 11.0.17 2022-10-18 LTS
OpenSSL info of my old and new p12 files.
Old
openssl pkcs12 -info -in old.pfx -noout
Enter Import Password:
MAC Iteration 2000
MAC verified OK
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
PKCS7 Data
Certificate bag
Certificate bag
Certificate bag
New
openssl pkcs12 -info -in certfile.pfx -noout
Enter Import Password:
MAC Iteration 10000
MAC verified OK
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 10000, PRF hmacWithSHA256
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 10000, PRF hmacWithSHA256
Certificate bag
Certificate bag
Certificate bag
COMMENTS/WORKAROUNDS
Generating a token with CURL using the same p12 file works.
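The OID in the error, 2.16.840.1.101.3.4.2.1, is the ASN.1 identifier for SHA-256, which matches the PBES2 / hmacWithSHA256 scheme shown in the new file's openssl output; the old file uses pbeWithSHA1And3-KeyTripleDES-CBC, which older PKCS#12 parsers do handle. The script below is an added example, not code from the issue or the vcert project: it classifies a keystore by the scheme it uses and re-exports it with the legacy SHA1/3DES algorithms so that a parser without PBES2 support can read it. It assumes OpenSSL 1.1.1 or 3.x on PATH; the function names p12_scheme and p12_to_legacy are this example's own.

```shell
#!/bin/sh
# Added example (not from the issue or the vcert project). Inspects a
# PKCS#12 keystore and, when it uses the PBES2/AES/HMAC-SHA-256 scheme that
# newer keytool releases write by default, re-exports it with the older
# PBE-SHA1-3DES scheme plus an HMAC-SHA1 MAC that legacy parsers accept.
# Assumes OpenSSL 1.1.1 or 3.x; passwords are passed as function arguments.
set -eu

# Print "pbes2" when the key/cert bags or the MAC use PBES2 or SHA-256,
# "legacy" for the old pbeWithSHA1 algorithms, and "error" when OpenSSL
# cannot open the file (wrong password, unsupported cipher, not PKCS#12).
# $1 = path to .p12/.pfx, $2 = import password
p12_scheme() {
    if ! info=$(openssl pkcs12 -info -in "$1" -passin "pass:$2" -noout 2>&1 </dev/null); then
        echo error
        return 0
    fi
    case "$info" in
        # 1.1.1 prints the PRF per bag; 3.x additionally prints "MAC: sha256".
        *PBES2*|*hmacWithSHA256*|*"MAC: sha256"*) echo pbes2 ;;
        *)                                        echo legacy ;;
    esac
}

# Re-export $1 (password $2) as $3 with the same password, using
# PBE-SHA1-3DES for the key bag and the certificate bags and SHA-1 for the
# integrity MAC. The key and certificate chain are copied unchanged; only
# the container's encryption and MAC algorithms differ.
p12_to_legacy() {
    (
        umask 077                # the temp PEM briefly holds the unencrypted key
        tmp=$(mktemp)
        openssl pkcs12 -in "$1" -passin "pass:$2" -nodes -out "$tmp"
        # -export reads both the key and the certificates from the PEM file
        openssl pkcs12 -export -in "$tmp" -out "$3" -passout "pass:$2" \
            -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1
        rm -f "$tmp"
    )
}

# Usage: ./p12legacy.sh certfile.pfx secret certfile-legacy.pfx
if [ "$#" -eq 3 ]; then
    echo "input scheme:  $(p12_scheme "$1" "$2")"
    p12_to_legacy "$1" "$2" "$3"
    echo "output scheme: $(p12_scheme "$3" "$2")"
fi
```

The converted file still contains the same private key, so protect it exactly like the original; on OpenSSL 3 the SHA1/3DES output can be read without the legacy provider.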