diff --git a/requirements/base.txt b/requirements/base.txt
index d27bef99f6823..9937a8bd12b1f 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -60,7 +60,7 @@ cron-descriptor==1.2.24
 # via apache-superset
 croniter==1.0.15
 # via apache-superset
-cryptography==39.0.0
+cryptography==3.4.7
 # via
 # apache-superset
 # paramiko
@@ -93,9 +93,7 @@ flask-compress==1.13
 flask-jwt-extended==4.3.1
 # via flask-appbuilder
 flask-login==0.6.0
- # via
- # apache-superset
- # flask-appbuilder
+ # via flask-appbuilder
 flask-migrate==3.1.0
 # via apache-superset
 flask-sqlalchemy==2.5.1
@@ -152,6 +150,7 @@ markupsafe==2.1.1
 # via
 # jinja2
 # mako
+ # werkzeug
 # wtforms
 marshmallow==3.13.0
 # via
@@ -285,7 +284,6 @@ werkzeug==2.1.2
 # via
 # flask
 # flask-jwt-extended
- # flask-login
 wtforms==2.3.3
 # via
 # apache-superset
diff --git a/setup.py b/setup.py
index f9b4a7d67f2b8..0ad5563bdf1f3 100644
--- a/setup.py
+++ b/setup.py
@@ -80,7 +80,7 @@ def get_git_sha() -> str:
 "colorama",
 "croniter>=0.3.28",
 "cron-descriptor",
- "cryptography>=39.0.0,<40",
+ "cryptography>=3.3.2",
 "deprecation>=2.1.0, <2.2.0",
 "flask>=2.1.3, <2.2",
 "flask-appbuilder>=4.2.0, <5.0.0",
diff --git a/superset/utils/core.py b/superset/utils/core.py
index 6f86372f753f6..8eb313a2ace32 100644
--- a/superset/utils/core.py
+++ b/superset/utils/core.py
@@ -74,8 +74,9 @@
 import numpy as np
 import pandas as pd
 import sqlalchemy as sa
+from cryptography import x509
 from cryptography.hazmat.backends import default_backend
-from cryptography.x509 import Certificate, load_pem_x509_certificate
+from cryptography.hazmat.backends.openssl.x509 import _Certificate
 from flask import current_app, flash, g, Markup, render_template, request
 from flask_appbuilder import SQLA
 from flask_appbuilder.security.sqla.models import Role, User
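Review bot: The new `"cryptography>=3.3.2"` entry in setup.py lowers the floor from 39.0.0 and drops the `<40` ceiling in the same edit, and nothing in the diff records why. With no upper bound, an install that does not use the pinned `requirements/base.txt` (which this commit moves to `cryptography==3.4.7`) can resolve to any later major release, while the pinned environment stays on a much older release line of a security-sensitive library. If the rollback is a compatibility workaround, a comment above the entry such as `# pinned back for <reason>; raise the floor again once <blocker> is resolved`, together with an explicit ceiling on the range, would make the constraint reviewable. The requirements list starts and ends outside the hunk.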
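Review bot: `from cryptography.hazmat.backends.openssl.x509 import _Certificate` takes an underscore-prefixed class from a backend module, so the module-level imports of `superset/utils/core.py` now depend on a private implementation detail of the library. The setup.py range in this commit has no upper bound, so an environment that resolves a release where that private name is absent would presumably fail with an ImportError as soon as this module loads. In the visible hunks the name is used only as the return annotation of `parse_ssl_cert` (changed in the hunk at -1534). Annotating with the public type instead, `def parse_ssl_cert(certificate: str) -> x509.Certificate:`, would make the private import unnecessary, since `x509` is already imported in this hunk.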
@@ -1534,7 +1535,7 @@ def override_user(user: Optional[User], force: bool = True) -> Iterator[Any]:
 delattr(g, "user")
-def parse_ssl_cert(certificate: str) -> Certificate:
+def parse_ssl_cert(certificate: str) -> _Certificate:
 """ Parses the contents of a certificate and returns a valid certificate object if valid.
@@ -1544,7 +1545,9 @@ def parse_ssl_cert(certificate: str) -> Certificate:
 :raises CertificateException: If certificate is not valid/unparseable
 """
 try:
- return load_pem_x509_certificate(certificate.encode("utf-8"), default_backend())
+ return x509.load_pem_x509_certificate(
+ certificate.encode("utf-8"), default_backend()
+ )
 except ValueError as ex:
 raise CertificateException("Invalid certificate") from ex
diff --git a/tests/integration_tests/utils_tests.py b/tests/integration_tests/utils_tests.py
index 967a4e9388cf4..70487da280864 100644
--- a/tests/integration_tests/utils_tests.py
+++ b/tests/integration_tests/utils_tests.py
@@ -910,6 +910,7 @@ def test_merge_extra_filters_with_extras(self):
 def test_ssl_certificate_parse(self):
 parsed_certificate = parse_ssl_cert(ssl_certificate)
 self.assertEqual(parsed_certificate.serial_number, 12355228710836649848)
+ self.assertRaises(CertificateException, parse_ssl_cert, "abc" + ssl_certificate)
 def test_ssl_certificate_file_creation(self):
 path = create_ssl_cert_file(ssl_certificate)
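Review bot: `parse_ssl_cert` still leaves all input validation to `x509.load_pem_x509_certificate` in the hunk at -1544, so whether a payload with text in front of the PEM header is rejected depends on the PEM parser of the installed cryptography release rather than on this function. The new assertion in `test_ssl_certificate_parse` (`"abc" + ssl_certificate` must raise) pins that behaviour only for the version under test. If only the standard label is expected, an explicit guard before the call would keep the rejection independent of the library version: `if not certificate.lstrip().startswith("-----BEGIN CERTIFICATE-----"): raise CertificateException("Invalid certificate")`. The function's docstring begins outside this hunk.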