AutoSys Workload Automation

  • Private Community
Back to discussions
Expand all | Collapse all

Tech Tip: When trying to access Workload Control Center (WCC) using Chrome v45 message  "Server has a weak ephemeral Diffie-Hellman public key" can bee seen.

  • 1.  Tech Tip: When trying to access Workload Control Center (WCC) using Chrome v45 message  "Server has a weak ephemeral Diffie-Hellman public key" can bee seen.

    Posted Sep 16, 2015 12:34 PM

    When trying to access Workload Control Center (WCC) using Chrome v45 the message:  "Server has a weak ephemeral Diffie-Hellman public key" can bee seen.

     

    This message won't let the customers to access WCC GUI.

     

    As of Chrome version 45, this error message is triggered if the SSL/TLS handshake attempts to use a public key smaller than 1024 bits.

     

    In order to solve this problem please edit the Server.xml file from the paths:

    C:\Program Files\CA\Workload Control Center\tomcat_32\conf\

    and
    C:\Program Files\CA\Workload Control Center\tomcat\conf

    .......

    ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"

    .......

    After saving the files restart the CA WCC services



  • 2.  Re: Tech Tip: When trying to access Workload Control Center (WCC) using Chrome v45 message  "Server has a weak ephemeral Diffie-Hellman public key" can bee seen.

    Posted Oct 12, 2015 03:44 PM

    Where does the ciphers line go in server.xml? In the Service section? In the GlobalNamingResource? In the Connector section inside Service section? Please be more specific exactly where the cipher line is added.

    Thanks

    Mark



  • 3.  Re: Tech Tip: When trying to access Workload Control Center (WCC) using Chrome v45 message  "Server has a weak ephemeral Diffie-Hellman public key" can bee seen.

    Posted Oct 13, 2015 09:31 AM

    Hi Mark,

     

    Open the server.xml file in a text editor.
    Locate the <Connector .../> XML element.
    Insert the following attribute:

    ....

    ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"

    .....

    The <Connector .../> XML element should display as follows:
    Note: "..." illustrates other attributes
    ============================================================================================================
    <Connector ...
    ...
    compression="on"
    keyPass="changeit"
    keyAlias="tomcat"
    compressableMimeType="text/html,text/xml,text/plain,text/javascript,text/css,application/x-javascript"
    server="WCC"
    ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"
    />
    ============================================================================================================

    IMPORTANT: The ciphers line is all one contiguous line including the element closing tag (/>).
    Ensure that each cipher is specified without any spaces in between.

     

    Regards