Certificate error while pushing notifications to update a pass

We upgraded our Ubuntu server to the latest 20.04. After this process, pushing notifications by Pass Type ID certificate for updating a pass gives the following error:

error: Error: [('SSL routines', 'SSL_CTX_use_certificate', 'ca md too weak')]

Executing

openssl x509 -in certificate.pem -noout -text | grep 'Signature Algorithm'

returns the following:

Signature Algorithm: sha1WithRSAEncryption

The OpenSSL version installed is 1.1.1f

Apple has already started to use the new Apple Worldwide Developer Relations Intermediate Certificate, which uses SHA-256 to sign certificates, starting from Sep 2020, for certificates like development and distribution certificates, except the Pass Type ID certificate: https://developer.apple.com/support/expiration/

Is it related to the issue?

We did a temporary fix by setting a lower SSL security level.

In particular, the OpenSSL configuration file /etc/ssl/openssl.cnf shall be modified in the following way.
At the beginning, add openssl_conf = default_conf
At the end, add
[ default_conf ]
ssl_conf = ssl_sect
[ssl_sect]
system_default = ssl_default_sect
[ssl_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT:@SECLEVEL=0

After this modification, the certificate is recognized without security errors.


Referenced from: itectec.com/ubuntu/ubuntu-certificate-error-after-upgrade-to-20-04
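
An added example, not part of the original post: it reads the signature digest from `openssl x509 -noout -text` output, works out the highest OpenSSL security level that still accepts it, and sets that level on a single TLS client context instead of system-wide in /etc/ssl/openssl.cnf. The function names and sample text are constructed for illustration, and the digest rating (digest size in bytes times 4 bits, against level thresholds of 80/112/128/192/256 bits) is the OpenSSL 1.1.1 rule; OpenSSL 3.x rates SHA-1 lower.

```python
import re
import ssl

# Security bits each OpenSSL security level demands (level 0 checks nothing).
LEVEL_MIN_BITS = {0: 0, 1: 80, 2: 112, 3: 128, 4: 192, 5: 256}
# Digest sizes in bytes; OpenSSL 1.1.1 rates a signature digest at size * 4 bits.
DIGEST_BYTES = {"md5": 16, "sha1": 20, "sha224": 28,
                "sha256": 32, "sha384": 48, "sha512": 64}

# Constructed sample of `openssl x509 -noout -text` output, not a real certificate.
SAMPLE_TEXT = """\
Certificate:
    Data:
        Version: 3 (0x2)
    Signature Algorithm: sha1WithRSAEncryption
"""

def signature_digest(openssl_text):
    """Return the digest name from the first 'Signature Algorithm' line."""
    line = re.search(r"Signature Algorithm:\s*(\S+)", openssl_text)
    if line is None:
        raise ValueError("no Signature Algorithm line found")
    digest = re.search(r"md5|sha(?:1|224|256|384|512)", line.group(1), re.I)
    if digest is None:
        raise ValueError("unrecognised algorithm: " + line.group(1))
    return digest.group(0).lower()

def highest_accepting_level(digest):
    """Highest security level that still accepts a chain signed with digest."""
    bits = DIGEST_BYTES[digest] * 4
    return max(lvl for lvl, need in LEVEL_MIN_BITS.items() if need <= bits)

def push_client_context(level):
    """TLS client context whose security level applies to this context only,
    leaving /etc/ssl/openssl.cnf and every other program at the system default."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("DEFAULT:@SECLEVEL=%d" % level)  # set before load_cert_chain()
    return ctx

if __name__ == "__main__":
    level = highest_accepting_level(signature_digest(SAMPLE_TEXT))
    print("needed security level:", level)
    ctx = push_client_context(level)
    # ctx.load_cert_chain("certificate.pem")  # then load the pass certificate
```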
