Control channel signature algorithm is different to cert's signature algorithm

Post by rondeaut » Wed Jul 19, 2023 2:42 am

Hi everyone, I have been experimenting with certificate signing as part of an investigation of a vulnerability in our certificates (signing them with md5). I generated a certificate using openssl and specified the sha256 signing algorithm. I verified that the cert is signed with this algorithm like this:

Code:

openssl x509 -text -in my_cert | grep -i sig
        Signature Algorithm: sha256WithRSAEncryption

However, when I used the cert to connect to the OpenVPN server, I saw this in the logs:

Code:

Wed Jul 19 11:08:24 2023 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA1

I don't understand why the signature is SHA1?