When generating a certificate for the openvpn server, an obsolete algorithm is used: md5WithRSAEncryption

Because of this, the openvpn server cannot be started by means of Alterator:

мар 12 16:13:23 workstation-9-i586 openvpn[31245]: Diffie-Hellman initialized with 1024 bit key
мар 12 16:13:23 workstation-9-i586 openvpn[31245]: OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak
мар 12 16:13:23 workstation-9-i586 openvpn[31245]: Cannot load certificate file /var/lib/ssl/certs/openvpn-server.cert

openssl x509 -in /var/lib/ssl/certs/openvpn-server.cert -text -noout
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 3 (0x3)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C = RU, O = test, OU = test Certification Authority, CN = test Root Certification Authority
        Validity
            Not Before: Mar 12 13:29:40 2020 GMT
            Not After : Mar 12 13:29:40 2021 GMT
        Subject: C = RU, O = openvpn-server-test, OU = openvpn-server-test, CN = openvpn-server-test
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
    Signature Algorithm: md5WithRSAEncryption
cert-sh-functions-1.0.6-alt1 -> sisyphus: Fri Mar 13 2020 Andrey Cherepanov <cas@altlinux> 1.0.6-alt1 - Use sha256 algorithm for cert generate for request (ALT #38213).
The problem remains open; the fix did not help solve the problem with the obsolete algorithm.
Fixed: http://webery.altlinux.org/task/248434 Waiting for confirmation from @cas
alterator-ca-0.5.7-alt1 -> sisyphus: Tue Mar 24 2020 Slava Aseev <ptrnine@altlinux> 0.5.7-alt1 - Use sha256 default_md (Closes: #38213)
Ah, @everybody there was p9: http://webery.altlinux.org/task/248436
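
A check for the condition reported at the top of this thread, as an added example that is not part of the original report or of the ALT packages: it reads the text printed by `openssl x509 -text -noout` and flags a weak signature digest, which is useful for confirming that a regenerated certificate really uses sha256. The function names, the constructed sample and the list of digests treated as weak (MD2, MD4, MD5, SHA-1) are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify the signature digest of a certificate from the
# text form printed by `openssl x509 -text -noout` (read on stdin).

# Constructed sample: header fields as in the report, key and signature bytes omitted.
SAMPLE_MD5='Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 3 (0x3)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C = RU, O = test, OU = test Certification Authority, CN = test Root Certification Authority
        Subject: C = RU, O = openvpn-server-test, OU = openvpn-server-test, CN = openvpn-server-test
    Signature Algorithm: md5WithRSAEncryption'

# Print the first "Signature Algorithm:" value found on stdin.
sig_alg() {
    awk '/Signature Algorithm:/ {
        sub(/^.*Signature Algorithm:[ \t]*/, "")
        sub(/[ \t\r]+$/, "")
        print
        exit
    }'
}

# Exit status: 0 = digest accepted, 1 = weak digest, 2 = no algorithm line.
# The weak list is this example's policy (an assumption), not OpenSSL's own table.
check_sig_alg() {
    alg=$(sig_alg)
    if [ -z "$alg" ]; then
        echo "no Signature Algorithm line found"
        return 2
    fi
    lower=$(printf '%s' "$alg" | tr 'A-Z' 'a-z')
    case "$lower" in
        md2*|md4*|md5*|sha1*|*-sha1|*withsha1|*-md5)
            echo "WEAK $alg"
            return 1 ;;
        *)
            echo "OK $alg"
            return 0 ;;
    esac
}

# Demo on the constructed sample; with a real file, pipe openssl's output in:
#   openssl x509 -in /var/lib/ssl/certs/openvpn-server.cert -text -noout | check_sig_alg
printf '%s\n' "$SAMPLE_MD5" | check_sig_alg || true
```
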