Change Client certificate hash authentication algorithm

Scripts to manage certificates or generate config files

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
soporte
OpenVpn Newbie
Posts: 1
Joined: Tue Jun 01, 2021 5:05 pm

Change Client certificate hash authentication algorithm

Post by soporte » Tue Jun 01, 2021 5:14 pm

Hi, there is an error when i configure the certificates for the OpenVPN Connect app in a Samsung tablet. the error says "You are using insecure hash algorithm in CA signature. Please regenerate CA with other hash algorithm".

When I run " openssl x506 -text -noout -in xxxx.crt | grep "Signature Algorithm" " in the CA.crt certificate it says it uses the SHA256withRSA but when i used it in the client certificate it says MD5withRSA.

How could I change this setting for the client algorithm is also the SHA256?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Change Client certificate hash authentication algorithm

Post by TinCanTech » Tue Jun 01, 2021 5:41 pm

You need to use Easy-RSA to generate a new PKI.

https://github.com/OpenVPN/easy-rsa

tomaume
OpenVpn Newbie
Posts: 1
Joined: Sat Oct 21, 2023 12:13 pm

Re: Change Client certificate hash authentication algorithm

Post by tomaume » Sat Oct 21, 2023 12:14 pm

I get this same error on my iphone, but on my Windows PC, I can still connect fine. Why would I only get this error on the iphone if both are using the same CA signature?

Post Reply