After SSL enable we seen the below issue in Chrome & Firefox Browsers.
Accessing Weblogic Console URL in Browser Gives Error code: ssl_error_weak_serverEnterprise Manager (EM) 12c Cloud Control uses 10.3 weblogic server; accessing weblogic console URL (https://<OMS HOSTNAME>:7101/console) in browser gives the following error:
In Chrome Browser:
Server has a weak, ephemeral Diffie-Hellman public key
ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY
In Firefox Browser:
SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message.
(Error code: sl_error_weak_server_ephemeral_dh_key)
This is on HP-UX, Will be applicable to other Unix Flavors.
Find and confirm what possible ciphers been supported with your platform & JDK Version.Possibly like below, Add them to config.xml under "SSL" tag.
<ssl>
<name>oam_server1</name>
<enabled>true</enabled>
#################
<ciphersuite>TLS_RSA_WITH_RC4_128_SHA</ciphersuite><ciphersuite>TLS_RSA_WITH_RC4_128_MD5</ciphersuite>
<ciphersuite>SSL_RSA_WITH_RC4_128_MD5</ciphersuite>
<ciphersuite>SSL_RSA_WITH_RC4_128_SHA</ciphersuite>
<ciphersuite>SSL_RSA_WITH_3DES_EDE_CBC_SHA</ciphersuite>
<ciphersuite>SSL_RSA_WITH_DES_CBC_SHA</ciphersuite>
<ciphersuite>TLS_RSA_WITH_AES_128_CBC_SHA</ciphersuite>
#################
And also check for enable or disable below parameters.
#################
<hostname-verification-ignored>true</hostname-verification-ignored>
<client-certificate-enforced>false</client-certificate-enforced>
#################
Once you are good with the parameters restart the Managed Server. And be sure that your certs loaded and Application url listening on desired Ports.
Good Luck!!
Srikanth
No comments:
Post a Comment