Apache Lounge



Forum Index Downloads Search Register Log in  RSS Apache Lounge

Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.



A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Apache Lounge is not sponsored.

Your donations will help to keep this site alive and well, and continuing building binaries.

Upgrade to Apache 2.4 (64bit) Certificate failure

Post new topic   Reply to topic    Apache Forum Index -> Apache

View previous topic :: View next topic  
Author Message

Joined: 14 Jul 2017
Posts: 1
Location: UK, London

PostPosted: Fri 14 Jul '17 14:21    Post subject: Upgrade to Apache 2.4 (64bit) Certificate failure Reply with quote

I have uninstalled Apache2.2 (32bit) and replaced with Apache2.4 (64 bit) on my Windows 2012 R2 server and configured my httpd.conf file so that it all works in http.

An element of the site requires SSL (which worked in 2.2) so I have configured that using the same domain certificate but get the following error in the log: SSL Library Error: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak. The Apache service fails to start.

The domain CA is using SHA256 for the hash algorithm so not sure why it is an issue. I have recreated the cert using a CSR generated from the latest OpenSSL version but this has not resolved the problem.

I am not well versed in Apache so have stuck with the default options as much as possible. I'd really appreciate some pointers.
Back to top

Joined: 15 Oct 2005
Posts: 2642
Location: Hilversum, NL, EU

PostPosted: Fri 14 Jul '17 16:25    Post subject: Reply with quote

Looks OpenSSL bails out on CA certificates with MD5 ciphers.

Also have a look at: https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
Back to top

Post new topic   Reply to topic    Apache Forum Index -> Apache
Page 1 of 1