Run yarn test would be failed with error: SSL_CTX_use_certificate:ca md too weak

[rockwyc992]

Do you want to request a feature or report a bug?
Bug

What is the current behavior?

 FAIL  __tests__/util/request-manager.js
  ✕ RequestManager.request with cafile (104ms)
  ✕ RequestManager.request with ca (string) (3ms)
  ✕ RequestManager.request with ca (array) (2ms)
  ✕ RequestManager.request with mutual TLS (2ms)

  ● RequestManager.request with cafile

    error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak

      20 |     cert: await fs.readFile(path.join(__dirname, '..', 'fixtures', 'certificates', 'server-cert.pem')),
      21 |   };
    > 22 |   const server = https.createServer(options, (req, res) => {
      23 |     res.end('ok');
      24 |   });
      25 |   try {

      at Object.<anonymous> (__tests__/util/request-manager.js:22:24)
      at step (node_modules/babel-runtime/helpers/asyncToGenerator.js:17:30)
      at node_modules/babel-runtime/helpers/asyncToGenerator.js:28:13

Test Suites: 1 failed, 1 total
Tests:       4 failed, 11 passed, 15 total
Snapshots:   0 total
Time:        2.138s
Ran all test suites matching /__tests__\/util\/request-manager.js/i.
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

If the current behavior is a bug, please provide the steps to reproduce.

• use Debian 10.0(buster), which release on 2019/07/06, or sid version.
• execute jest unit test, like follow command yarn test-only __tests__/util/request-manager.js

What is the expected behavior?
It will pass all test case.

Please mention your node.js, yarn and operating system version.

$ node -v
v12.6.0
$ yarn -v
1.18.0-0
$ uname -a
Linux 001713996ca0 4.19.0-5-amd64 #1 SMP Debian 4.19.37-5 (2019-06-19) x86_64 GNU/Linux
$ openssl version
OpenSSL 1.1.1c  28 May 2019

[rockwyc992]

I found a post from Debian.

This is caused by the SECLEVEL 2 . SHA-1 is no longer supported for signatures in certificates and you need at least SHA-256

I think we need to generate new certificate file with SHA-256 signature algorithm, last time we update these key-pair is 3 years ago. ( #1588 )

[rockwyc992]

Also, these key-pair will be expired on 2019/07/28.

$ openssl x509 -text -in __tests__/fixtures/certificates/server-cert.pem -noout
        Signature Algorithm: sha1WithRSAEncryption
            Not After : Jul 28 11:00:57 2019 GMT

We need update there as soon as posible, or CI test will be failed.

  ● RequestManager.request with cafile
    certificate has expired

  ● RequestManager.request with ca (string)
    certificate has expired

  ● RequestManager.request with ca (array)
    certificate has expired

  ● RequestManager.request with mutual TLS
    Client network socket disconnected before secure TLS connection was established

[rockwyc992]

fixed by #7457 .