A few months back I built a Red Hat Satellite 6.10 server on RHEL7.9. I set it up to synchronize content and it was working fine.

Later, I upgraded it to 6.11 and did an in-place LEAPP from RHEL7.9 to RHEL8.6.

Today I notice it is not synchronizing content. In /var/log/foreman/production.log I see:

2022-08-27T16:04:52 [E|bac|f6af61dc] Cannot connect to host cdn.redhat.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: CA signature digest algorithm too weak (_ssl.c:1131)')] (Katello::Errors::Pulp3Error)
2022-08-27T16:04:57 [E|bac|f6af61dc] Cannot connect to host cdn.redhat.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: CA signature digest algorithm too weak (_ssl.c:1131)')] (Katello::Errors::Pulp3Error)
2022-08-27T16:34:01 [E|bac|bee5c048] Cannot connect to host cdn.redhat.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: CA signature digest algorithm too weak (_ssl.c:1131)')] (Katello::Errors::Pulp3Error)

update-crypto-policies --show

FIPS

Went through this process:
https://access.redhat.com/solutions/5393241

openssl x509 -noout -text -in /etc/foreman-proxy/foreman_ssl_ca.pem |grep -i -e 'Signature Algorithm' -e 'Public-Key'

    Signature Algorithm: sha256WithRSAEncryption
            RSA Public-Key: (4096 bit)
Signature Algorithm: sha256WithRSAEncryption

Still seeing the same error.
Any ideas?

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

CA signature digest algorithm too weak

update-crypto-policies --show

openssl x509 -noout -text -in /etc/foreman-proxy/foreman_ssl_ca.pem |grep -i -e 'Signature Algorithm' -e 'Public-Key'

Responses

Quick Links

Help

Site Info

Related Sites

Red Hat legal and privacy links

Red Hat legal and privacy links