search cancel

SSL Error caused by CA Adapter 9.1SP1


Article ID: 198063


Updated On:


CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort) CA Strong Authentication CA Rapid App Security CA Risk Authentication CA Advanced Authentication


We're using CAAA combined with siteminder(12.8SP1).
Recently we tried to upgrade the siteminder policy server's CA adapter from CP1 to SP1.
And we faced SSL error on siteminder's arcotadaptershim.log.

The massage indicated that some SSL connection trouble happened between policy server and state manager.

Fri Aug 21 17:43:35.169 2020 FATAL:   pid 26592 tid 26613: 0 08/21/20 17:43:35.169 FATAL CORE 26613 00026592 - Failure in POSTing request to State Manager: [SSL Error: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak]

After facing this, we downgraded the adapter from SP1 to CP1 and the error has been eliminated.

The certs we used with SP1 is exactly the same ones we used with CP1. 


Release : 9.1

Component : RiskMinder(Arcot RiskFort)


We have upgraded the OpenSSL version in 9.1 SP1 to increase the security standards in our product and that is causing this issue to happen. Here is a good explanation to this problem -


In adaptershim.ini there are entries pointed to MD5 certs.

Please comment out the below ones and this should take care of the issue.
※We don't use 2 way ssl hand shake.