Since OpenSSL 3, this function will fail with .p12 files that use legacy ciphers. Unfortunately, .p12 files generated today from a lot of Windows based CAs are using them by default.
OpenSSL 3 uses a provider mechanism where there is a legacy provider that supports these legacy ciphers, but it is disabled by default.
While PHP SSL module lacks a mechanism to enable the legacy provider, you need to modify the openssl.conf used by PHP by hand, it is usually the same used by the system openssl command, so the OPENSSLDIR path value returned by the "openssl version -d" command contains the openssl.conf file to modify. The llines that need to be added, modified or uncommented are the following to look like this:
openssl_conf = openssl_init
[openss_init]
providers = provider_sect
[provider_sect]
default = default_sect
legacy = legacy_sect
[default_sect]
activate = 1
[legacy_sect]
activate = 1
This may require restarting the involved php service (php-fpm usually) to load the OpenSSL configuration changes.