View Full Version : OpenVPN: certificate refused, how can I configure OpenSSL?

6th October 2017, 03:51 PM

I used until two days ago OpenVPN to open a tunnel to my workplace (a non-security sensitive one, it's just for convenience but no important info is sent through it).

But now, openvpn refuses to open the tunnel with this error:

Fri Oct 6 16:47:25 2017 OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak

How can I force OpenSSL to accept this type of certificate? I have found a config file for OpenSSL, in /usr/share/crypto-policies/DEFAULT/openssl.txt, which comes from package crypto-policies, but is this the right file? And what must I put in it (the syntax seems cryptic...) I have seen the update-crypto-policies and openssl.cnf man pages, but they don't seem relevant (or I didn't understand).

EDIT: A work friend told me that in Windows the certificate is still accepted (with a warning though), I guess that OpenSSL is more lenient or less up-to-date in Windows...


F. Delente

6th October 2017, 05:20 PM
A few possibilities https://forums.openvpn.net/viewtopic.php?t=23979