ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

The connection for this site is not secure error when launching iXP URL from Chrome nor Edge after Apache tomcat upgrade to 9.0.43

book

Article ID: 208694

calendar_today

Updated On:

Products

CA Workload Automation iXP

Issue/Introduction

Customer upgraded iXP Tomcat to Apache-tomcat 9.0.43.  The URL does not seem to work from Chrome/Edge browsers.  The following error is seen: 

The connection for this site is not secure

servername.company.com uses an unsupported protocol.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.

Environment

Release : 11.4

 

Resolution

Configuration need to enable strong TLS protocols for AE/WCC Tomcat, can also be used for iXP Tomcat's server.xml.

https://techdocs.broadcom.com/us/en/ca-enterprise-software/intelligent-automation/workload-automation-ae-and-workload-control-center/11-3-6-SP8/installing/ae-installation/post-installation-procedures-for-the-server/change-the-web-server-ssl-protocol-to-tlsv1-20.html

 

Example:  

1) Make a backup of current server.xml

2) Change the SSL connector line to add additional strong cipher/protocol info   

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" acceptCount="100"     ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
     TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
     TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
     SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"     keystoreFile="/opt/CA/WorkloadAutomationAE/autouser.ACE/webserver/
     conf/.keystore"     keystorePass="changeit"     maxThreads="400" scheme="https" secure="true"     clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2"/>

 

Note: use appropriate keystore/password and port information

 

3) Save the file

4) Restart iXP