SSL_CTX_use_certificate:ca md too weak

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See https://forums.openvpn.net/viewtopic.php?f=30&t=21589 for an example.
agowa338
OpenVpn Newbie
Posts: 1
Joined: Sun Jun 18, 2017 6:44 pm

SSL_CTX_use_certificate:ca md too weak

Postby agowa338 » Sun Jun 18, 2017 6:52 pm

Hello,

I've a openvpn server set up and I'm also able to connect to it from multiple devices.
But one a notebook with archlinux throws the following error message when attempting to connect:

Sun Jun 18 20:47:41 2017 OpenVPN 2.4.2 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 11 2017
Sun Jun 18 20:47:41 2017 library versions: OpenSSL 1.1.0f 25 May 2017, LZO 2.10
Sun Jun 18 20:47:41 2017 OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak
Sun Jun 18 20:47:41 2017 Cannot load certificate file client.crt
Sun Jun 18 20:47:41 2017 Exiting due to fatal error


What's wrong here? I've researched that error and as I read, it is only thorwn, if the root certificate is md5 signed, but it is sha256, any idea?

My Certificate:

Code: Select all

-----BEGIN CERTIFICATE-----
MIIG3DCCBMSgAwIBAgIJAIf2oSBSzePiMA0GCSqGSIb3DQEBCwUAMIGkMQswCQYD
VQQGEwJERTELMAkGA1UECBMCREUxEjAQBgNVBAcTCUZyYW5rZnVydDEQMA4GA1UE
ChMHT3BlblZQTjEQMA4GA1UECxMHT3BlblZQTjEQMA4GA1UEAxMHT3BlblZQTjEY
MBYGA1UEKRMPb3V0ZXJPcGVuVlBOLUNBMSQwIgYJKoZIhvcNAQkBFhVvdXRlck9W
UE5AYWdvd2EzMzguZGUwHhcNMTcwMjAxMjMwOTI3WhcNMjcwMTMwMjMwOTI3WjCB
pDELMAkGA1UEBhMCREUxCzAJBgNVBAgTAkRFMRIwEAYDVQQHEwlGcmFua2Z1cnQx
EDAOBgNVBAoTB09wZW5WUE4xEDAOBgNVBAsTB09wZW5WUE4xEDAOBgNVBAMTB09w
ZW5WUE4xGDAWBgNVBCkTD291dGVyT3BlblZQTi1DQTEkMCIGCSqGSIb3DQEJARYV
b3V0ZXJPVlBOQGFnb3dhMzM4LmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
CgKCAgEApwfRwZ7DvI0TbTeHqyQsdRIw+0QLfMqp2Uvny3pUCGy/3sjlreHoOsSm
+DOmlcfBtmmJrtVZTEyoS9elkBRGjeVSqHFsLdgydrtfXhU5R+ZHt5OBH/vpVmAw
IRwZasoV1RXTF2ZTsJK1QRHaGPq7nRmZJe922AoRkDhEMA8RHZsoUWgavdAiReOk
3BCRZ00ciPBU8OfTsb5I1osMDNWxdAGNKNwzRXGzdnqSS006tpr0Ak387//iIs3i
rzPwYTWGdYv1HuwlcfSbuG4r8El15qZGDGlHoO8/g5YpslLqf4yhfxmOUJax1Z0Z
kCW3fVKRwjjLax7+/LTnT7dFTa+ZIESXsTO0Y/YSnDAlxJsabQDAMEYmD8ut+lUb
W6L8Cx5QqewL3UGXyLRU9xd68qnwypRAiHasxc8v5TQWlwSfK/yHMQPszeksN6ot
pL7SDO6oSpO8pcMu/7SLCcL8BKCEum/UKCUSRLQq0gV/odA2FIoCBoPavPrYw4+D
lDobQPDe/aGxhR6p88wgomWZgneg3FnnmR6Ij5Eps+2HhILvEicH3aBeCDMKA5cn
gx0MZNy0YzLjsUeAXvZ+K+GiPo4JGeQKGxwtMinb9fsN+7E3k9QOz4ZUQG/vX2bB
idkX19XJj6lL4juiqbQbl54/NAcBKeW/tQcW69AeyYX3mRmE2zMCAwEAAaOCAQ0w
ggEJMB0GA1UdDgQWBBSpfZFjQ4GkiZLeST3tJXZjG0FMnDCB2QYDVR0jBIHRMIHO
gBSpfZFjQ4GkiZLeST3tJXZjG0FMnKGBqqSBpzCBpDELMAkGA1UEBhMCREUxCzAJ
BgNVBAgTAkRFMRIwEAYDVQQHEwlGcmFua2Z1cnQxEDAOBgNVBAoTB09wZW5WUE4x
EDAOBgNVBAsTB09wZW5WUE4xEDAOBgNVBAMTB09wZW5WUE4xGDAWBgNVBCkTD291
dGVyT3BlblZQTi1DQTEkMCIGCSqGSIb3DQEJARYVb3V0ZXJPVlBOQGFnb3dhMzM4
LmRlggkAh/ahIFLN4+IwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEA
pjh2Ytfyggd8mJNrPlhPxKadDlx0x3QO/Y9sJYiK3BUNxi5KEJQ02D5zhFRLaAw3
BJs+4IQwrRpSjLTJjDORptPeHZWQ7oZHYG/J1kKX6SOhCrNrk1KSaAgZaDoDNuSG
EuxVX4ncIQWdCNE5zDKDbZDh30drhxMQdGVB1jOEn16YVMo5UWiVSXtfb/EhXKyp
WrnyqnJXWZCLrX2C6hc3Z4YEfZfkn40JhSjORKJJZv3ZONQOtOJBoWfSBsy5WOxF
VQv25pmRTIuSUONrSM0lr5n0wgT/jkNXoHfEZAmebTh7zj2UfbuDXyGEj3nRz2e2
WTHXNR3yiyL5lRmMwx3dQUVbfJ0g1exBkTFvG2fR3TAa3wHaN+soeKp+O8TO9Pg/
0/kxi5OereTSrp7Fpqtcj7A//7h1sD8fiI0nV5zS2YEurklQP21+nuLpBP8nqnkM
LBIV7hMBjZQPf5olW20Q/o485ZnBXeXacj9K2RIwZegot+ekc5ROtI45flR2SBnn
Zxke+0u2goTURipwmvYyrwOuxfKK/AtgomLb6GQ7vMPUan6UuOKxx1/e3i52iWhs
bx4PggNct+9jEm7XVEvNrymnhNlXypzcvjf9LAG6U/W1ECd3C/Afbw7sDMBaJ7WT
AECSLHfvNw+ghXAu9qmkPOBKP/ci4Dlb4ezs8THufyc=
-----END CERTIFICATE-----

Return to “Server Administration”

Who is online

Users browsing this forum: No registered users and 4 guests