Ssl – how use weak client certificate with curl/openssl

curlopensslssl

I'm trying to use a PCKS12 client certificate with curl 7.58.0 and OpenSSL 1.1.1 on Ubuntu 18.04 server.
My certificate info is:

~# openssl pkcs12 -info -in cert.p12 -noout -nomacver
Enter Import Password:
MAC: sha1, Iteration 1
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048

When I try to use it with curl like this: 

curl --cert-type P12 --cert cert.p12:******* https://server.com

I get 

curl: (58) could not load PKCS12 client certificate, OpenSSL error error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak

How can I make curl/openssl accept this certificate?
I tried --insecure and --tlsv1.0 but none of them worked for me.

EDIT
Output of openssl pkcs12 -in cert.p12 -nokeys | openssl x509 -text -noout is: 

Enter Import Password:
MAC verified OK
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1558524593 (0x5ce532b1)
    Signature Algorithm: md5WithRSAEncryption
        Issuer: C=IR, ST=Tehran, O=IPM, OU=IRNIC dotIR ccTLD, CN=IRNIC department/emailAddress=info@nic.ir
        Validity
            Not Before: May 22 11:29:53 2019 GMT
            Not After : Nov 22 11:29:53 2019 GMT
        Subject: C=IR, ST=Tehran, L=Tehran, O=Hamid Reza Naeini, OU=Hamid Reza Naeini, CN=da74-irnic,T234/emailAddress=nic@fanavaidc.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:de:57:fa:8c:7f:44:18:87:58:04:73:91:be:1a:
                    f4:5d:63:22:7c:79:a8:b8:7c:af:13:91:39:6e:11:
                    5d:f6:e7:70:13:d0:0f:9c:38:90:f5:13:da:c1:d1:
                    5d:73:8b:85:d0:00:bf:0f:ad:c3:e4:a3:91:87:51:
                    10:e2:b8:3b:03:fe:44:82:7b:4f:e4:b2:29:43:9c:
                    bb:33:7d:1d:2b:81:76:55:1d:69:57:fe:ac:ec:0f:
                    a6:4c:ec:4b:a1:0c:10:63:f5:ec:c7:1f:8a:68:e9:
                    95:7a:4c:22:21:47:5f:50:22:e8:c9:60:b2:c2:89:
                    5c:da:73:df:b1:e3:bf:66:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                40:F0:CE:06:33:DD:40:3B:69:F2:97:89:43:EF:8D:12:BB:88:E7:2A
            X509v3 Authority Key Identifier: 
                keyid:FC:D4:95:B1:9E:AD:B8:1B:94:09:3B:77:A1:CF:09:D7:F5:D6:BE:BE
                DirName:/C=IR/ST=Tehran/O=IPM/OU=IRNIC dotIR ccTLD/CN=IRNIC department/emailAddress=info@nic.ir
                serial:AF:4A:3A:99:D9:CE:99:C1

            X509v3 Basic Constraints: 
                CA:TRUE
    Signature Algorithm: md5WithRSAEncryption
         88:a7:d8:8e:63:6f:15:69:cd:45:31:8b:2e:14:f1:48:bf:66:
         24:33:b5:ef:6d:5f:75:8b:31:f2:94:09:b6:c2:72:87:09:b8:
         31:4c:8b:c5:8d:b0:03:f3:70:91:63:fc:ed:52:19:62:31:98:
         82:e4:e9:e8:14:2a:c9:6c:ca:fc:3f:d6:e0:fc:d2:94:82:88:
         4e:0b:5a:77:74:19:de:99:17:e8:ba:c9:58:b9:6f:d9:e6:c9:
         f6:de:26:e7:6e:2e:02:4d:f9:2c:6b:e2:1f:9f:0a:7a:35:d0:
         5e:9c:cd:09:74:fa:df:a4:c8:5a:42:82:91:8c:6f:68:a9:06:
         14:51:1f:22:46:8f:0b:db:13:1d:17:bc:b2:c1:fd:41:5b:5b:
         2b:57:9c:cf:a8:7f:64:2a:4b:6e:a6:e6:37:c4:b0:3b:ef:11:
         df:90:d3:b7:65:aa:40:40:f4:cd:d1:87:4d:22:20:4b:4b:13:
         bc:e8:14:79:c5:a9:14:6d:6e:6b:22:8e:21:27:44:26:23:8d:
         a0:2f:38:21:03:7f:cd:e1:cb:dc:51:d7:a5:a5:87:af:a3:65:
         d1:a3:7c:84:78:43:c6:74:40:fe:fd:97:5c:23:ad:ec:5f:a1:
         ef:05:89:ac:5c:85:20:74:17:f9:95:cf:66:30:73:ec:04:0f:
         41:67:8c:3a

Best Answer

Surprisingly you can downgrade your OS to use older version of curl and it's being okay! We are use Ubuntu 16.04 instead of 19.10 and we can connect to nic server.

Related Topic