CA signature digest algorithm too weak when accessing ldaps server
Issue
httpd is configured to connect to the LDAP server using ldaps. The server certificate/key pair is stored on the LDAP server, and the trusted CA certificate used to verify the LDAP server certificate is valid and has been stored for httpd successfully, but httpd fails to contact the LDAP server. When LDAPLibraryDebug is set to 7, the following log messages appear in the error_log:
TLS trace: SSL_connect:SSLv3/TLS read server certificate request
TLS certificate verification: depth: 0, err: 68, subject: /C=JP/ST=t/L=s/O=r/CN=localhost, issuer: /C=jp/ST=tokyo/O=Default Company Ltd/CN=ca-sha1
TLS certificate verification: Error, CA signature digest algorithm too weak
TLS trace: SSL3 alert write:fatal:bad certificate
TLS trace: SSL_connect:error in error
TLS: can't connect: error:0A000086:SSL routines::certificate verify failed (CA signature digest algorithm too weak).
[Wed Feb 21 12:50:47.435078 2024] [ldap:trace2] [pid 163686:tid 163686] util_ldap.c(649): [client 127.0.0.1:35072] ldap_simple_bind() failed with server down (try 1)
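To find which certificate failed verification in a longer error_log, the trace lines above can be parsed as shown here. This is an added example, not part of the original article or any Red Hat tooling; the function name `failed_verifications` and the embedded sample are constructed for illustration, and the name for err 68 is taken from OpenSSL's `x509_vfy.h`.

```python
import re

# Constructed sample: the TLS trace lines quoted in this article.
SAMPLE_LOG = """\
TLS trace: SSL_connect:SSLv3/TLS read server certificate request
TLS certificate verification: depth: 0, err: 68, subject: /C=JP/ST=t/L=s/O=r/CN=localhost, issuer: /C=jp/ST=tokyo/O=Default Company Ltd/CN=ca-sha1
TLS certificate verification: Error, CA signature digest algorithm too weak
TLS trace: SSL3 alert write:fatal:bad certificate
TLS: can't connect: error:0A000086:SSL routines::certificate verify failed (CA signature digest algorithm too weak).
"""

# OpenSSL verify code seen in this log; other codes are reported as "unlisted".
VERIFY_CODES = {68: "X509_V_ERR_CA_MD_TOO_WEAK"}

VERIFY_RE = re.compile(
    r"TLS certificate verification: depth: (?P<depth>\d+), err: (?P<err>\d+), "
    r"subject: (?P<subject>/.*?), issuer: (?P<issuer>/.*)$"
)
REASON_RE = re.compile(r"TLS certificate verification: Error, (?P<reason>.+)$")


def failed_verifications(log_text):
    """Return one dict per certificate whose verification err is non-zero."""
    findings, pending = [], None
    for line in log_text.splitlines():
        m = VERIFY_RE.search(line)
        if m:
            err = int(m["err"])
            pending = None
            if err != 0:
                pending = {
                    "depth": int(m["depth"]), "err": err,
                    "code": VERIFY_CODES.get(err, "unlisted"),
                    "subject": m["subject"], "issuer": m["issuer"],
                    "reason": None,
                }
                findings.append(pending)
            continue
        m = REASON_RE.search(line)
        if m and pending is not None:
            # The "Error, ..." line follows the depth/err line it explains.
            pending["reason"] = m["reason"].strip()
            pending = None
    return findings


if __name__ == "__main__":
    for finding in failed_verifications(SAMPLE_LOG):
        print(finding)
```

In the sample, the finding is at depth 0, so the certificate being rejected is the LDAP server certificate itself, and the issuer field names the CA that signed it.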
Environment
- Red Hat Enterprise Linux 9
- httpd
- mod_ldap