On 23 Oct 2019, at 03:49, Wouter Verhelst <Wouter.Verhelst@xxxxxxxxx> wrote: > I know that SHA1 is insecure these days, but I have no control over the algorithms used in this particular CA, and I need to be able to use it. This is a case of pushing back to get the incompetent CA to update. Even if you manage to get Apache to do this, the browsers will balk at it. > Anyone have any idea if it's possible to relax the requirements for client CAs somehow? I don’t think so, it’s been deprecated for several years and breakable for several more. Chrome dropped support in 2016, possibly early 2017 (Chrome 54 comes to mind)? Safari dropped any support for SHA1 this year. -- 99 percent of lawyers give the rest a bad name. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx