Friday, September 29, 2023
 Popular · Latest · Hot · Upcoming
rated 0 times [  32] [ 0]  / answers: 1 / hits: 50757  / 2 Years ago, sun, april 3, 2022, 7:11:12
2022-05-10 17:07:15 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak:

2022-05-10 17:07:15 OpenSSL: error:0A000086:SSL routines::certificate verify failed

I use openvpn (with 3 configuration files: .ovpn, .p12, .key, from my terminal: sudo openvpn with these parameters: --config --pkcs12 --tls-auth).

Everything was working before upgrading to latest Ubuntu version. Then no connection possible and a lot of errors like that in the quote.

I requested a new certificate from our sysadmins, and the problem remains. It was not a problem of expired certificate.

I see this seems to be related to OpenSSL 3.0. And other people have the same issue.

Our sysadmin said I should solve it on my computer for the moment. They will solve it on the server later.

I already tried this:
but no change.

Can you help me to solve it, please? I am blocked in my work by this issue for 2 days already. Thank you. (Note I am really bad when I need to set/configure things... :) )

More From » openvpn


I've just hit the same issue using IP-Vanish after having done a clean install of 22.04 after using 20.04 successfully for a long time.

I have tried both solutions, putting the lines in the top of the /etc/ssl/openssl.cnf file (copy/pasted to make sure there were no typos), and also adding the additional tls-cipher (and even replacing it) in the .ovpn file, but neither is allowing me to connect.

I've contacted IP-Vanish directly and included the information provided here.

I'd be grateful if anyone manages to solve this issue, and if IP-Vanish come back to me with a reply, I'll post it up.


IP-Vanish have returned with a temporary solution until they can update their certificates.

1: Add the VPN connection as normal using the Network Manager GUI

2: Edit the connection file in /etc/NetworkManager/system-connections/(connectionname).nmconnection where (connectionname) is the name of your VPN conection

3: In the [vpn] section, beneath the line that starts ca=, add a new line reading


Replace [0-5] with a value between 0 and 5, see here for security level information, and to gather which security level you should be using. For most, security level 0 will be adequate.

4: Save the file

5: Enter the command systemctl restart NetworkManager

6: Start the VPN connection as normal and it should connect (mine did anyway and I verified it by checking my IP and location)

[#519] Sunday, April 3, 2022, 2 Years  [reply] [flag answer]
Only authorized users can answer the question. Please sign in first, or register a free account.

Total Points: 197
Total Questions: 113
Total Answers: 112

Location: Hungary
Member since Wed, Nov 9, 2022
12 Months ago