RHEL9 deprecated SHA-1. Here is the article: https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9
Here is a work-around from the article:
I still want to install SHA-1 signed packages! This is discouraged. Even a signature from a years old RPM could be hacked recently by an attacker. If you really know what you are doing, there’s a possibility to use dnf --nogpgcheck option. Alternatively you can also switch to the legacy crypto policy:
> update-crypto-policies --set LEGACY
> ```
> Or explicitly allow the SHA-1:
>
```bash
> update-crypto-policies --set DEFAULT:SHA1
> ```
> **But please don’t forget to switch back, e.g.:**
>
```bash
> update-crypto-policies --set DEFAULT
> ```