<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri",sans-serif;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">We are working on migrating an EAPTLS setup from Radiator 3.13 up to Radiator 4.19.  I’ve moved the relevant certificates and configuration and when I try to have my endpoint device authenticate I’m getting the same error:
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Tue Jul 28 10:53:17 2020: ERR: TLS could not use_certificate_file /etc/radiator/cert/certificates/radius.pem, 1:  2956: 1 - error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The key is signed with 2048-bits and RSA encryption, md5.  I’m using the AuthbyFreeRadius handler for this. 
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I sent a message yesterday but I wasn’t getting any replies, so I’m not sure if it was blocked due to spam or not.  I’m not sure where I need to go.  I don’t really want to regenerate new certificates but if that’s my only option I will. 
 I did set EAPTLS_SecurityLevel to 1 and that didn’t help.  <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" align="left" width="420" style="width:315.0pt">
<tbody>
<tr style="height:15.0pt">
<td width="5" valign="top" style="width:3.75pt;padding:0in 0in 0in 0in;height:15.0pt">
<p class="MsoNormal" style="mso-element:frame;mso-element-frame-hspace:2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;mso-element-anchor-horizontal:column;mso-height-rule:exactly">
 <o:p></o:p></p>
</td>
<td width="418" valign="top" style="width:313.5pt;padding:0in 0in 0in 0in;height:15.0pt">
<p class="MsoNormal" style="mso-element:frame;mso-element-frame-hspace:2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;mso-element-anchor-horizontal:column;mso-height-rule:exactly">
<b><span style="font-family:"Arial",sans-serif;color:#003366">Brandon Shiers, RF Engineer</span></b><o:p></o:p></p>
</td>
</tr>
<tr>
<td width="5" valign="top" style="width:3.75pt;padding:0in 0in 0in 0in">
<p class="MsoNormal" style="mso-element:frame;mso-element-frame-hspace:2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;mso-element-anchor-horizontal:column;mso-height-rule:exactly">
 <o:p></o:p></p>
</td>
<td width="418" valign="top" style="width:313.5pt;padding:0in 0in 0in 0in">
<p class="MsoNormal" style="mso-element:frame;mso-element-frame-hspace:2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;mso-element-anchor-horizontal:column;mso-height-rule:exactly">
<span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#006600">937 West Main Street<br>
Riverton, WY 82501</span><o:p></o:p></p>
</td>
</tr>
<tr>
<td width="5" valign="top" style="width:3.75pt;padding:0in 0in 0in 0in">
<p class="MsoNormal" style="mso-element:frame;mso-element-frame-hspace:2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;mso-element-anchor-horizontal:column;mso-height-rule:exactly">
 <o:p></o:p></p>
</td>
<td width="418" valign="top" style="width:313.5pt;padding:0in 0in 0in 0in">
<p class="MsoNormal" style="mso-element:frame;mso-element-frame-hspace:2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;mso-element-anchor-horizontal:column;mso-height-rule:exactly">
<span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#006600">307.857.6704 (o)<br>
307.840.2366 (c)<br>
307.856.1499 (f)<br>
<a href="mailto:BrandonS@wyoming.com"><span style="color:blue">BrandonS@wyoming.com</span></a></span><o:p></o:p></p>
</td>
</tr>
<tr style="height:52.5pt">
<td colspan="2" style="padding:0in 0in 0in 0in;height:52.5pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-element:frame;mso-element-frame-hspace:2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;mso-element-anchor-horizontal:column;mso-height-rule:exactly">
<a href="http://www.wyoming.com/" target="_blank"><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:blue;text-decoration:none"><img border="0" width="205" height="60" style="width:2.1354in;height:.625in" id="_x0000_i1025" src="http://www.wyoming.com/emailsignatures/logo.jpg" alt="Wyoming.com"></span></a><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>