I upgraded my Ubuntu 19.10 to the latest 20.04. After this process, doing HTTP calls passing a certificate gives the following error:
error: Error: [('SSL routines', 'SSL_CTX_use_certificate', 'ca md too weak')]
Executing
openssl x509 -in certificate.pem -noout -text | grep 'Signature Algorithm'
returns the following:
sha1WithRSAEncryption
The OpenSSL version installed is 1.1.1f
Can this behaviour overridden? If not, is it possible to downgrade to a compatible openssl version?
I found a solution, according to the accepted answer of this question: Ubuntu 20.04 - how to set lower SSL security level?
In particular, the openSSL configuration file /etc/ssl/openssl.cnf shall be modified in the following way.
At the beginning, add openssl_conf = default_conf
At the end, add
[ default_conf ]
ssl_conf = ssl_sect
[ssl_sect]
system_default = ssl_default_sect
[ssl_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT:@SECLEVEL=0
After this modification, the certificate is recognized without security errors.