puppet-certs uses md5 internally to check for difference between expected and actual certs (might break in FIPS)
There is 0 security implication of this issue and it doesn't break with puppet in FIPS either, as
by default, puppet is statically linked with their openssl distribution. We should however
not consciously use md5 and other non-FIPS compliant algorithms.