certificate is signed using a weak signature algorithm!

Turns out that this results in SSL certificates that use the weaker MD5 signature hash algorithm which is the cause of the complaint. This is easily fixed by adding ‘-sha1’ to the openssl command line when generating the certificate. Like so:

$ openssl req -new -x509 -sha1 […]