Friday, 16 October 2020

Ubuntu — Certificate error after upgrade to 20.04

ssl_ctx_use_certificate:ca md too weak

I upgraded my ubuntu server to 20.04. After this process, doing calls passing certificate gives the following error

error: Error: [(‘SSL routines’, ‘SSL_CTX_use_certificate’, ‘ca md too weak’)]

openssl version : OpenSSL 1.1.1f 31 Mar 2020

I found the solution, according to the accepted answer of this question: Ubuntu 20.04 — how to set lower SSL security level?

In particular, the openSSL configuration file /etc/ssl/openssl.cnf shall be modified in the following way.

At the beginning, add

openssl_conf = default_conf

At the end, add

[ default_conf ]

ssl_conf = ssl_sect

[ssl_sect]

system_default = ssl_default_sect

[ssl_default_sect]

MinProtocol = TLSv1.2

CipherString = DEFAULT:@SECLEVEL=0

After this modification, the certificate is recognized without security errors.

-
Labels: , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Git merge branch to another branch

$ git checkout develop $ git pull $ git checkout test-branch $ git merge develop $ git push