A quick google on the error gave me:
https://forums.openvpn.net/viewtopic.php?t=23979 and this stood out to me:

> I had this problem with the OpenVPN for Android app. See the explanation in the following link.
> http://ics-openvpn.blinkt.de/FAQ.html
> I circumvented/fixed the problem by editing the openssl-1.0.0.cnf file in my easy-rsa directory and changing "default_md" from md5 to sha256 and then regenerating my certificates.

Seems like a path to take a look at. I haven’t encountered the issue personally but would look at your certificate creation process to see if you can bump to SHA256 and regenerate the cert.

C.

From: radiator <[email protected]> on behalf of Brandon Shiers <[email protected]>
Date: Tuesday, July 28, 2020 at 1:00 PM
To: "[email protected]" <[email protected]>
Subject: [RADIATOR] Issue with EAP Authentication

We are working on migrating an EAPTLS setup from Radiator 3.13 up to Radiator 4.19. I’ve moved the relevant certificates and configuration and when I try to have my endpoint device authenticate I’m getting the same error:

Tue Jul 28 10:53:17 2020: ERR: TLS could not use_certificate_file /etc/radiator/cert/certificates/radius.pem, 1: 2956: 1 - error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak

The key is signed with 2048-bits and RSA encryption, md5. I’m using the AuthbyFreeRadius handler for this.

I sent a message yesterday but I wasn’t getting any replies, so I’m not sure if it was blocked due to spam or not. I’m not sure where I need to go. I don’t really want to regenerate new certificates but if that’s my only option I will. I did set EAPTLS_SecurityLevel to 1 and that didn’t help.

Brandon Shiers, RF Engineer
937 West Main Street
Riverton, WY 82501
307.857.6704 (o)
307.840.2366 (c)
307.856.1499 (f)
[email protected]
_______________________________________________
radiator mailing list
[email protected]
https://lists.open.com.au/mailman/listinfo/radiator
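
The reply above suggests checking which digest the certificates were signed with before regenerating them. The script below is an added example, not part of the thread or of Radiator: it lists the signature algorithm of every certificate in a directory of PEM files (bundles included) and flags MD5-class signatures. The function names and the `.pem`/`.crt` file extensions are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): report the signature digest of every
# certificate in a directory of PEM files. Function names are hypothetical.

# Map a signature algorithm name, as printed by `openssl x509 -text`, to a verdict.
# MD5-class digests are what trigger the "ca md too weak" error quoted in the
# thread; SHA-1 is flagged LEGACY because higher OpenSSL security levels reject it.
classify_sigalg() {
  case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
    md2*|md4*|md5*) echo WEAK ;;
    sha1*|*-sha1|*withsha1) echo LEGACY ;;
    *) echo OK ;;
  esac
}

# Print "<sigalg> <subject>" for each certificate in a PEM file, bundles included.
list_sigalgs() {
  openssl crl2pkcs7 -nocrl -certfile "$1" 2>/dev/null |
    openssl pkcs7 -print_certs -text -noout 2>/dev/null |
    awk '
      /^Certificate:/ { seen = 0 }
      /Signature Algorithm:/ && !seen { sub(/.*Signature Algorithm: */, ""); alg = $0; seen = 1 }
      /^ *Subject:/ { sub(/^ *Subject: */, ""); print alg " " $0 }
    '
}

# Print one verdict line per certificate found under the given directory.
audit_dir() {
  for f in "$1"/*.pem "$1"/*.crt; do
    [ -f "$f" ] || continue          # skip unmatched glob patterns
    list_sigalgs "$f" | while read -r alg subject; do
      printf '%-6s %s  %s  (%s)\n' "$(classify_sigalg "$alg")" "$f" "$alg" "$subject"
    done
  done
}

# When a directory is given, print the report and exit 1 if anything is WEAK.
if [ -n "${1:-}" ]; then
  report=$(audit_dir "$1")
  printf '%s\n' "$report"
  if printf '%s\n' "$report" | grep -q '^WEAK'; then exit 1; fi
fi
```

Saved under a name of your choice and run against the directory from the log line, for example `sh audit-sigalg.sh /etc/radiator/cert/certificates`, it shows whether the server certificate, the CA certificate, or both carry the MD5 signature.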
