We're using CAAA combined with siteminder(12.8SP1).
Recently we tried to upgrade the siteminder policy server's CA adapter from CP1 to SP1.
And we faced SSL error on siteminder's arcotadaptershim.log.
The massage indicated that some SSL connection trouble happened between policy server and state manager.
Fri Aug 21 17:43:35.169 2020 FATAL: pid 26592 tid 26613: 0 08/21/20 17:43:35.169 FATAL CORE 26613 00026592 - Failure in POSTing request to State Manager: [SSL Error: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak]
After facing this, we downgraded the adapter from SP1 to CP1 and the error has been eliminated.
The certs we used with SP1 is exactly the same ones we used with CP1.
We have upgraded the OpenSSL version in 9.1 SP1 to increase the security standards in our product and that is causing this issue to happen. Here is a good explanation to this problem -
Release : 9.1
Component : RiskMinder(Arcot RiskFort)
In adaptershim.ini there are entries pointed to MD5 certs.