Thursday, December 10, 2015

vRealize Orchestrator receiving ssl_error_weak_server_ephemeral_dh_key message

When you connect to your Orchestrator server on port 8281 or 8283, the browser shows the following message:

Secure Connection Failed

An error occurred during a connection to vro2uzis2.user.bicadmin.com:8281. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)

  • The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
  • Please contact the website owners to inform them of this problem.

Here is how to fix this:

  • Log in to your vRealize Orchestrator server via SSH as the root user
  • Copy the file /etc/vco/app-server/server.xml

server:~ # cp /etc/vco/app-server/server.xml /etc/vco/app-server/server.20151210.xml

  • Edit the file /etc/vco/app-server/server.xml and, within the cipher section, remove every entry starting with TLS_DHE_

server:~ # vi /etc/vco/app-server/server.xml

  • Copy the file /etc/vco/configuration/server.xml

server:~ # cp /etc/vco/configuration/server.xml /etc/vco/configuration/server.20151210.xml

  • Edit the file /etc/vco/configuration/server.xml and, within the cipher section, remove every entry starting with TLS_DHE_

server:~ # vi /etc/vco/configuration/server.xml

  • Restart the vRealize Orchestrator and vRealize Orchestrator Configurator services

server:~ # service vco-server restart
server:~ # service vco-configurator restart
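
The two edit steps can also be scripted and checked before the services are restarted. This is an added example, not part of the original post; it assumes the cipher list is a comma-separated ciphers="..." attribute on a single line, and strip_dhe.sh, filter_dhe, strip_dhe and count_dhe are hypothetical names.

```shell
#!/bin/sh
# Assumption: the cipher list is a comma-separated ciphers="..." attribute
# on a single line of server.xml. strip_dhe.sh is a hypothetical file name.
# Usage: sh strip_dhe.sh /etc/vco/app-server/server.xml /etc/vco/configuration/server.xml

# Print FILE without TLS_DHE_* suites; non-zero exit if a list would be empty.
filter_dhe() {
    awk '
    match($0, /ciphers="[^"]*"/) {
        head = substr($0, 1, RSTART - 1)
        list = substr($0, RSTART + 9, RLENGTH - 10)
        tail = substr($0, RSTART + RLENGTH)
        n = split(list, suite, ",")
        out = ""
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", suite[i])
            if (suite[i] == "" || suite[i] ~ /^TLS_DHE_/) continue
            out = out (out == "" ? "" : ",") suite[i]
        }
        if (out == "") bad = 1; else $0 = head "ciphers=\"" out "\"" tail
    }
    { print }
    END { exit bad + 0 }
    ' "$1"
}

# Back up FILE as the post does (server.YYYYMMDD.xml), then rewrite it.
strip_dhe() {
    file=$1
    tmp="$file.tmp.$$"
    cp -p "$file" "${file%.xml}.$(date +%Y%m%d).xml" || return 1
    if filter_dhe "$file" > "$tmp"; then
        cat "$tmp" > "$file"   # overwrite in place, keeping owner and mode
        rm -f "$tmp"
    else
        rm -f "$tmp"
        echo "not editing $file: a cipher list would be empty" >&2
        return 1
    fi
}

# Count TLS_DHE_* suite names still present in FILE (0 when clean).
count_dhe() {
    grep -o 'TLS_DHE_[A-Z0-9_]*' "$1" | wc -l | tr -d ' '
}

for f in "$@"; do
    strip_dhe "$f" && echo "$f: $(count_dhe "$f") TLS_DHE_* names left"
done
```

A non-zero count after the run means the cipher list is not in the assumed single-line form and the file still has to be edited by hand.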
