Browser returns ERR_SSL_VERSION_OR_CIPHER_MISMATCH when attempting to login to the NetOps Portal after importing a new CA Signed Certificate
PM Release 3.7.x and later
There are 2 possible causes for this:
The CA Signed Certificate was imported to a keystore that does not have Private Key info added on it (keystore).
The resolution for possible cause 1 listed above is:
a. Make a copy of the jetty keystore:
cp /opt/CA/PerformanceCenter/jetty/etc/keystore /opt/CA/PerformanceCenter/jetty/etc/keystore.backup
b. Delete the Certificate entered in error:
/opt/CA/jre/bin/keytool -delete -keystore /opt/CA/PerformanceCenter/jetty/etc/keystore -alias incorrect_alias
c. Import the CA Signed Certificate again:
/opt/CA/jre/bin/keytool -import -keystore /opt/CA/PerformanceCenter/jetty/etc/keystore -alias capm -trustcacerts -file /path/to/ca/signed/cert.cer
d. Restart the SSO, DM and Console services:
systemctl stop caperfcenter_sso caperfcenter_devicemanager caperfcenter_console
systemctl start caperfcenter_sso caperfcenter_devicemanager; sleep 20; systemctl start caperfcenter_console
e. Close down any existing browser windows of your browser of choice and attempt to access the NetOps Portal GUI once more.
The resolution for possible cause 2 listed above is:
a. Create a new keystore, now generating a new key-pair. i.e:
keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048
b- Generate the .csr file and send it to your CA (Certificate Authority), in order to get a new certificate file;
c- Backup the jetty keystore;
d- Import the new certificate file to the new keystore;
e- Update accordingly the both files below, providing the new keystore path and password information:
/opt/CA/PerformanceCenter/PC/start.d/ssl.ini
/opt/CA/PerformanceCenter/sso/start.d/ssl.ini
f- Restart NetOps Portal services;
You can refer to the following article to get directions on how to execute the steps 2b, 2c, 2d and 2f above:
How to Update The NetOps Portal SSL/TLS certificate
https://knowledge.broadcom.com/external/article/37756