The connection for this site is not secure error when launching iXP URL from Chrome nor Edge after Apache tomcat upgrade to 9.0.43

book

Article ID: 208694

calendar_today

Updated On:

Products

CA Workload Automation iXP

Issue/Introduction

Customer upgraded iXP Tomcat to Apache-tomcat 9.0.43.  The URL does not seem to work from Chrome/Edge browsers.  The following error is seen: 

The connection for this site is not secure

servername.company.com uses an unsupported protocol.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.

Environment

Release : 11.4

 

Resolution

Configuration need to enable strong TLS protocols for AE/WCC Tomcat, can also be used for iXP Tomcat's server.xml.

https://techdocs.broadcom.com/us/en/ca-enterprise-software/intelligent-automation/workload-automation-ae-and-workload-control-center/11-3-6-SP8/installing/ae-installation/post-installation-procedures-for-the-server/change-the-web-server-ssl-protocol-to-tlsv1-20.html

 

Example:  

1) Make a backup of current server.xml

2) Change the SSL connector line to add additional strong cipher/protocol info   

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" acceptCount="100"     ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
     TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
     TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
     SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"     keystoreFile="/opt/CA/WorkloadAutomationAE/autouser.ACE/webserver/
     conf/.keystore"     keystorePass="changeit"     maxThreads="400" scheme="https" secure="true"     clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2"/>

 

Note: use appropriate keystore/password and port information

 

3) Save the file

4) Restart iXP