克米亚sap论坛,最好的sap论坛,sap系统,sap培训,kemiya,克米亚,sap账号,sap ides,sap mm,sap hana,sap fico,sap pp

 找回密码
 注册
查看: 221|回复: 0

could not load PEM client certificate, OpenSSL error error:140AB18E:SSL routi...

[复制链接]
kmy 发表于 2021-4-12 12:03:09 | 显示全部楼层 |阅读模式
环境:
ubuntu20.04
php7.4.3


ubuntu20.04 php7.4 could not load PEM client certificate, OpenSSL error error140AB18ESSL routinesSSL_CTX_use_certificateca md too weak, (no key found, wrong pass phrase, or wrong file format)

could not load PEM client certificate, OpenSSL error error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak

I upgraded my Ubuntu 19.10 to the latest 20.04. After this process, doing HTTP calls passing a certificate gives the following error:

error: Error: [('SSL routines', 'SSL_CTX_use_certificate', 'ca md too weak')]

Executing

openssl x509 -in certificate.pem -noout -text | grep 'Signature Algorithm'

returns the following:

sha1WithRSAEncryption

The OpenSSL version installed is 1.1.1f

Can this behaviour overridden? If not, is it possible to downgrade to a compatible openssl version?





I found a solution, according to the accepted answer of this question: Ubuntu 20.04 - how to set lower SSL security level?

In particular, the openSSL configuration file /etc/ssl/openssl.cnf shall be modified in the following way.

At the beginning, add 最开始添加
openssl_conf = default_conf

At the end, add

[ default_conf ]

ssl_conf = ssl_sect

[ssl_sect]

system_default = ssl_default_sect

[ssl_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULTSECLEVEL=0

After this modification, the certificate is recognized without security errors.


测试:
curl -v --ciphers 'DEFAULTSECLEVEL=1' --cacert dev/cacert.pem --cert dev/sslcert.pem --pass liuqiang https://210.74.42.33:9443/FEP/




您需要登录后才可以回帖 登录 | 注册

本版积分规则

QQ|克米亚sap论坛,sap账号,sap系统,sap ides,sap学习机,sap练习环境 ( 重庆瑞瑞宝科技有限公司 渝ICP备18002525号-10 )

GMT+8, 2021-8-2 06:21

Powered by Discuz! X3.4

Copyright © 2001-2021, Tencent Cloud.

快速回复 返回顶部 返回列表