[openssl-users] Workaround for "SSL_CTX_use_certificate:ca md too weak"
pratyush.parimal at gmail.com
Wed Apr 4 17:32:18 UTC 2018
I'm upgrading a server application from using OpenSSL 1.0.2n to using
I noticed that after the upgrade, some SSL certs get rejected because they
use an MD5 digest, with the error:
"SSL_CTX_use_certificate:ca md too weak"
While I could ask clients to get a better CA certificate, it takes some of
them a long time to do so. I was wondering if there's a way I could
compile/configure the OpenSSL on my server to accept those certificates
after all. Does anyone know?
I found links such as:
and a few others but they don't apply to my case I think.
Also, if the client does find it possible to get re-generated certs, would
it be both the client cert and the CA? Or just one of them?
Thanks in advance!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users