> On 15 Sep 2020, at 22:34, Bryan K. Walton <bwalton@leepfrog.com> wrote:
>
> On Tue, Sep 15, 2020 at 09:30:28AM +1000, William Brown wrote:
>> The most likely reason for this is that a cert in the chain/path is not up to the standard expected by your client TLS library. You can check with:
>>
>> openssl x509 -in FILE.PEM -noout -text | grep "Signature Algorithm"
>> Signature Algorithm: sha256WithRSAEncryption
>>
>> I think today most TLS libraries expect at least sha256 and 2048 bit certs.
>>
>> It's probably worth checking that all the certs from the CA, intermediates and your server cert are sha256 + 2048 bit or higher. Hope that helps,
>
>
> Thanks William!
> This was indeed the issue. We were using an older intermediate with
> sha1. Changing that has fixed our issue.
>
No problems, if you have any other questions, let us know!
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
No comments:
Post a Comment