The connection for this site is not secure
servername.company.com uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
The connection for this site is not secure error when launching iXP URL from Chrome nor Edge after Apache tomcat upgrade to 9.0.43
Article ID: 208694
Updated On:
Products
CA Workload Automation iXP
Issue/Introduction
Customer upgraded iXP Tomcat to Apache-tomcat 9.0.43. The URL does not seem to work from Chrome/Edge browsers. The following error is seen:
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.
Environment
Release : 11.4
Resolution
Configuration need to enable strong TLS protocols for AE/WCC Tomcat, can also be used for iXP Tomcat's server.xml.
https://techdocs.broadcom.com/us/en/ca-enterprise-software/intelligent-automation/workload-automation-ae-and-workload-control-center/11-3-6-SP8/installing/ae-installation/post-installation-procedures-for-the-server/change-the-web-server-ssl-protocol-to-tlsv1-20.html
Example:
1) Make a backup of current server.xml
2) Change the SSL connector line to add additional strong cipher/protocol info
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" acceptCount="100" ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" keystoreFile="/opt/CA/WorkloadAutomationAE/autouser.ACE/webserver/
conf/.keystore" keystorePass="changeit" maxThreads="400" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2"/>
Note: use appropriate keystore/password and port information
3) Save the file
4) Restart iXP
Feedback
Yes
No
Powered by
