on 05-02-2018 1:21 PM
Hello,
I am facing an issue while setting up SSL for BIP. The goal is to access the BI Launchpad with https and not http. So we changed the ports to 80 and 443 and I was following the tomcat documentations to achieve this.
I created the certificate request which got already signed and finally imported all the certificates. When I am accessing the https://localhost/BOE/BI site I get the following error message: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Can somebody help me out with this?
Thanks!
Hi Mario,
It seems that you have an invalid certificate or it support only old TLS version (old TLS 1.0 is no longer supported )
so, follow this article
https://kinsta.com/knowledgebase/err_ssl_version_or_cipher_mismatch/
and check your certificate SSL check tool , also the TLS version
Second, your tomcat server.xml configuration for SSL should look like this:
<Connector port="7983" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="...<path>.../<keystore>.p12" keystorePass="xxxxxx"/>
...
I hope that will help
Ayman
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Mario,
Earlier in some of the older versions of the Chrome browser, there was a temporary solution, in which the user could enter chrome://flags, find the Minimum SSLv3 version support feature and set it to SSLv3. In more recent versions, the developers have developed the feature. Now, users can check whether they are able to fix the issue using this option on their browser.
You check detailed here: https://www.wpoven.com/blog/how-to-fix-err_ssl_version_or_cipher_mismatch-error/
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for that note. When I am using Internet Explorer I got different error message:
This page can´t be displayed
Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://localhost again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.
I have to check if we are using this RC4 Suite but I have no idea where to check this?!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
There is known issue in Chrome. Did you try in IE?
2468705 - SSL URL for WACS server fails on Google Chrome
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
95 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.