OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

Change Client certificate hash authentication algorithm

https://forums.openvpn.net/viewtopic.php?t=32404

Page 1 of 1

Change Client certificate hash authentication algorithm

Posted: Tue Jun 01, 2021 5:14 pm
by soporte
Hi, there is an error when i configure the certificates for the OpenVPN Connect app in a Samsung tablet. the error says "You are using insecure hash algorithm in CA signature. Please regenerate CA with other hash algorithm".

When I run " openssl x506 -text -noout -in xxxx.crt | grep "Signature Algorithm" " in the CA.crt certificate it says it uses the SHA256withRSA but when i used it in the client certificate it says MD5withRSA.

How could I change this setting for the client algorithm is also the SHA256?

Re: Change Client certificate hash authentication algorithm

Posted: Tue Jun 01, 2021 5:41 pm
by TinCanTech
You need to use Easy-RSA to generate a new PKI.

https://github.com/OpenVPN/easy-rsa

Re: Change Client certificate hash authentication algorithm

Posted: Sat Oct 21, 2023 12:14 pm
by tomaume
I get this same error on my iphone, but on my Windows PC, I can still connect fine. Why would I only get this error on the iphone if both are using the same CA signature?
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/