SFCC : deploy for staging is through code error exist 1

[Ufarooq6]

sfcc-ci Version

2.11.0

NodeJS Version

v20.16.0

sfcc-ci Path

Github actions

Host OS Details

Windows 11

What happened?

Anyone here know the error while uploading for staging from GHA:
I am trying to run a different command in GHA.

Command:
"echo "$CERT_B64" | base64 --decode > certificate.p12
sfcc-ci code:deploy "./${{env.BUILD_NUMBER}}.zip" -i ${{vars.CERT_INSTANCE_URL}} -c certificate.p12 -p "${{secrets.CERTIFICATE_PASSWORD}}" -a --selfsigned -D
rm -f certificate.p12"

For 2F certificate Decoding: I am running this command to decode the cert on windows
"CERTIFICATE_2FA — run this command in your Terminal base64 -i certificate.p12Copy returned value and paste it here. 2FA Certificate is needed only for deployments to the Staging instance. If you wonder where this certificate is coming from, here is the official guide written by Salesforce. link: https://help.salesforce.com/s/articleView?id=000391641&type=1
you can try from your side with our 2F cert and let us know.

Has anyone seen this error code while deployment in stage SFCC?
Thanks

Relevant log output

Error log:
Run echo "$CERT_B64" | base64 --decode > certificate.p[1](https://github.gapinc.com/org/commerc/actions/runs/435560/job/1955761#step:13:1)2
[DEBUG] No dw.json found in /runner/_work//
[DEBUG] Assuming [staging-ap01-gap.demandware.net](http://staging-ap01-gap.demandware.net/) is a staging instance, replacing with cert.* format
[DEBUG] Instance name rewritten to [cert.staging.ap01.gap.demandware.net](http://cert.staging.ap01.gap.demandware.net/)
Warning: Allow self-signed certificates. Be caucious as this may expose secure information to an untrusted party.
REQUEST {
baseUrl: 'https://cert.staging.instance.org.demandware.net/',
uri: '/on/demandware.servlet/webdav/Sites/cartridges/b91_v3.19.0_20240726_staging.zip',
auth: {
bearer: ''
},
strictSSL: false,
method: 'PUT',
agentOptions: {
pfx: <Buffer 30 82 0e b6 02 01 03 30 82 0e 7c 06 09 2a 86 48 86 f7 0d 01 07 01 a0 82 0e 6d 04 82 0e 69 30 82 0e 65 30 82 08 ff 06 09 2a 86 48 86 f7 0d 01 07 06 a0 ... 3720 more bytes>,
passphrase: ''
},
callback: [Function (anonymous)]
}
REQUEST make request https://cert.staging.instance.org.demandware.net/on/demandware.servlet/webdav/Sites/cartridges/b91_v3.19.0_20240726_staging.zip
Error: An error occured. Try running the command again with -D,--debug flag.
[DEBUG] Error code: undefined, message: unsupported, stack: Error: unsupported
at configSecureContext (node:internal/tls/secure-context:285:15)
at Object.createSecureContext (node:_tls_common:116:3)
at Object.connect (node:_tls_wrap:1763:48)
at Agent.createConnection (node:https:171:22)
at Agent.createSocket (node:_http_agent:340:26)
at Agent.addRequest (node:_http_agent:288:[10](https://github.gapinc.com/gapinc/commerce-sfcc-jp-ecom/actions/runs/435560/job/1955761#step:13:11))
at new ClientRequest (node:_http_client:334:16)
at Object.request (node:https:379:10)
at Request.start (/opt/hostedtoolcache/node/20.16.0/x64/lib/node_modules/sfcc-ci/node_modules/request/request.js:751:32)
at Request.write (/opt/hostedtoolcache/node/20.16.0/x64/lib/node_modules/sfcc-ci/node_modules/request/request.js:1491:10)
Error: Process completed with exit code 1.

[christopherjanzen]

Looks like perhaps your baseUrl is incorrect unless you're swapping the "instance" portion with your actual instance

[paul-sorensen]

TLDR - recreate the p12 file with the additional arguments: "-certpbe PBE-SHA1-3DES" (or some other modern algorithm)

Example:

openssl.exe pkcs12 -certpbe PBE-SHA1-3DES -export -in <user>.pem -inkey <user>.key -certfile <name>.crt -name "<user>" -out <user>.p12

---

This could happen if the p12 file was built using the official documentation, in particular the last step which is:

openssl pkcs12 -export -in jsmith.pem -inkey jsmith.key -certfile cert.staging.web.customer.demandware.net_01.crt -name "jsmith" -out jsmith.p12

At least on my system - Windows 10, using openssl that comes with Git - this creates the p12 using an older algorithm that has been removed from Node. See nodejs/node#40672 to which I credit the fix above, and linked from here is https://nodejs.org/en/blog/announcements/nodejs16-eol/ which details the changes (search this page for "removal of several algorithms").