Generated a new weak key and cert, tried to use them with current cosmic's openssl, and succeeded:
# openssl genrsa -des3 -out myCA.key 600
# openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem
# openssl s_server -cert myCA.pem -key myCA.key -WWW
# wget --ca-certificate myCA.pem https://localhost:4433
--2019-04-11 16:18:41-- https://localhost:4433/
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:4433... connected.
HTTP request sent, awaiting response... 200 ok
Length: unspecified [text/plain]
Saving to: 'index.html.2'
index.html.2 [ <=> ] 237 --.-KB/s in 0s
2019-04-11 16:18:41 (15.6 MB/s) - 'index.html.2' saved [237]
# dpkg -l | grep libssl
ii libssl1.1:amd64 1.1.1-1ubuntu2
Upgraded to:
# dpkg -l | grep libssl
ii libssl1.1:amd64 1.1.1-1ubuntu2.2
And now wget fails with too small key error, whilst the s_server is still running:
# wget --ca-certificate myCA.pem https://localhost:4433
--2019-04-11 16:20:09-- https://localhost:4433/
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:4433... connected.
ERROR: cannot verify localhost's certificate, issued by 'CN=localhost,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU':
EE certificate key too weak
To connect to localhost insecurely, use `--no-check-certificate'.