Is the CA cert signed with SHA-1? If so, you can try to check if the CA has a cross-signed CA cert with SHA2 you can use for the customer's current certificate chain or just tell your customer to reissue the cert with a full SHA2 chain. Best Regards /P -- --
On Thu, 12 Oct 2023 at 04:27, Craig H Silva (Cenitex) <craig.si...@cenitex.vic.gov.au.invalid> wrote: > > This is probably not the most appropriate mail list to ask this question. > > Basically we have apache 2.4.3 on a solaris 10 host running openssl > 1.0.2zf. > > This was OK up until the 117 release of Chrome, which now rejects sha1. > > Funny thing is that one vhost with the same ssl config is ok, whilst one > vhost is failing. From all that I can tell, the only difference is the > certificates - the CA cert is different. > > I'm the unix admin (typically I don't do the httpd config - that's our > customer), but the customer wants to make it our issue. Of course this is > the customer that has resisted upgrading the OS. > > > There is one available patch for openssl from Oracle (151912-22 - openssl > 1.02.zf) but I can't get any info at this point on whether that might > address the issue. > > > Its only Chrome that is failing at the moment, but interested on any > thoughts, ideas from this list as to whether there is any work around that > could be attempted. > > > > <http://cenitex.vic.gov.au/> > > > > <https://www.linkedin.com/company/cenitex/> > <https://twitter.com/cenitex> > <https://www.facebook.com/cenitex.vic.gov.au/> > > *Craig Silva *| Specialist Engineer – Unix & Storage Services > > Level 18, 80 Collins Street, Melbourne 3000 > > (03) 9063 5126 > > cenitex.vic.gov.au > > > > > > > > Cenitex acknowledges the Traditional Owners and custodians of the land and > we pay our respects to their Elders, past, present and emerging. We are an > inclusive workplace that embraces diversity in all its forms. > > > > > ------------------------------ > Notice: > > This email and any attachments may contain information that is personal, > confidential, legally privileged and/or copyright. No part of it should be > reproduced, adapted or communicated without the prior written consent of > the > copyright owner. > > It is the responsibility of the recipient to check for and remove viruses. > > If you have received this email in error, please notify the sender by > return > email, delete it from your system and destroy any copies. You are not > authorised > to use, communicate or rely on the information contained in this email. > > Please consider the environment before printing this email. >
