openssl new versions consider md certificates too weak

Scripts to manage certificates or generate config files
hakster
OpenVpn Newbie
Posts: 1
Joined: Wed Apr 26, 2017 2:52 pm

openssl new versions consider md certificates too weak

Postby hakster » Wed Apr 26, 2017 3:01 pm

A user who upgraded openssl from 1.02 to 1.1.0 found that openvpn could not connect. Seems openssl does not allow md5 signed certificates. Assuming the server certs cannot get re-issued with SHA (easily), is there a workaround, such as relaxing openssl 1.1.0, short of a revert to the older version?

Relevant logging:

nm-openvpn[4287]: library versions: OpenSSL 1.1.0e 16 Feb 2017, LZO 2.10
nm-openvpn[4287]: OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak
nm-openvpn[4287]: Cannot load certificate file /path/cert.crt

Return to “Cert / Config management”

Who is online

Users browsing this forum: No registered users and 1 guest