[openssl-users] ca md too weak

Fabrice Delente delentef at gmail.com
Fri Oct 6 15:26:31 UTC 2017


Hello,

Until two days ago I used OpenVPN to connect to my workplace, on a
non-security sensitive tunnel (just for convenience).

However, OpenSSL updated on my machine (Fedora 26), and now the
certificate is rejected:

Fri Oct  6 17:25:06 2017 OpenVPN 2.4.4 x86_64-redhat-linux-gnu [SSL
(OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on
Sep 26 2017
Fri Oct  6 17:25:06 2017 library versions: OpenSSL 1.1.0f-fips  25 May
2017, LZO 2.08
Fri Oct  6 17:25:06 2017 OpenSSL: error:140AB18E:SSL
routines:SSL_CTX_use_certificate:ca md too weak
Fri Oct  6 17:25:06 2017 Cannot load certificate file lcs/delentef.crt
Fri Oct  6 17:25:06 2017 Exiting due to fatal error

What solutions are there to this problem? Can I configure OpenSSL to
accept this certificate after all?

Thanks.

F. Delente


More information about the openssl-users mailing list