java - Error code: ssl_error_no_cypher_overlap when trying to sign with own CA
I am using a web application running in Apache Tomcat 6.0.44, which uses Oracle JRE 1.7u72. I've followed the steps below to sign the server certificate using a self-created CA. I followed the steps from a link.
Creation of own CA:

    openssl genrsa -des3 -out ca.key 4096
    openssl req -new -x509 -days 365 -key ca.key -out ca.crt
    openssl genrsa -des3 -out server.key 4096
    openssl req -new -key server.key -out server.csr
    openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

Deleting the old certificate using the keytool command:

    keytool -list -keystore <path of keystore file> -alias aliasname -storepass password

Importing the newly created server certificate signed by own CA:

    keytool -importcert -keystore <path of keystore> -alias alias -storepass password -file server.crt
and obtained the following error:

Secure Connection Failed
An error occurred during a connection to x.x.x.x. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)
The error

An error occurred during a connection to x.x.x.x. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)

means that the server you've set up and the browser used to connect to the server do not have a common encryption algorithm.
You have to do either of 2 things:

1. Adapt Apache Tomcat to support more algorithms (or more protocol versions). Read the Apache Tomcat documentation, the Tomcat and SSL docs, on how to do that.
2. Adapt the browser. If you use (you did not state anything, therefore I'm using a commonly used browser) e.g. Firefox, check the support forum answer; if that does not work, try the solution from the blog. You need to change the about:config parameters and enable a few more cipher suites.
The goal is to have at least 1 commonly used algorithm on both ends - Tomcat and the browser. The algorithm used should be secure enough.
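
The answer's closing point, that both ends need at least one shared and sufficiently secure suite, can be checked offline before touching either side. The following is an added example, not code from the original post or from Tomcat: the function names are hypothetical and the suite lists are constructed samples. It assumes a suite is usable only when the server keystore holds a private key of the matching type (or the suite is anonymous), and that the tokens in `WEAK_TOKENS` mark suites to avoid.

```python
import re

# Tokens marking suites treated as weak (an assumption of this example).
WEAK_TOKENS = {"NULL", "EXPORT", "anon", "RC4", "DES", "DES40", "3DES", "MD5"}

def normalize(name):
    """Java 7 JSSE names older suites SSL_*; browsers and IANA use TLS_*."""
    return re.sub(r"^SSL_", "TLS_", name.strip())

def auth_alg(suite):
    """Authentication algorithm: last token before _WITH_ (RSA, ECDSA, DSS, anon)."""
    kx = suite[len("TLS_"):].split("_WITH_")[0].replace("_EXPORT", "")
    return kx.split("_")[-1]

def is_weak(suite):
    return bool(WEAK_TOKENS & set(suite.split("_")))

def overlap(client_offer, server_enabled, server_key_type):
    """Return (strong, weak): suites both ends can use, in client preference order.

    server_key_type is the type of private key in the server keystore
    ("RSA", "ECDSA", "DSS"), or None if the keystore holds no private key.
    """
    server = {normalize(s) for s in server_enabled}
    usable = [s for s in map(normalize, client_offer)
              if s in server and auth_alg(s) in ("anon", server_key_type)]
    return ([s for s in usable if not is_weak(s)],
            [s for s in usable if is_weak(s)])

# Constructed sample lists, not captured from a real browser or Tomcat instance.
BROWSER = ["TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
           "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
           "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
           "TLS_RSA_WITH_AES_128_CBC_SHA",
           "TLS_RSA_WITH_3DES_EDE_CBC_SHA"]
TOMCAT = ["TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
          "TLS_RSA_WITH_AES_128_CBC_SHA",
          "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
          "SSL_RSA_WITH_RC4_128_SHA",
          "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"]

if __name__ == "__main__":
    for key in ("RSA", None):
        strong, weak = overlap(BROWSER, TOMCAT, key)
        print("keystore key:", key, "| strong:", strong, "| weak:", weak)
        if not strong and not weak:
            print("  -> no common suite: ssl_error_no_cypher_overlap")
```

An empty result for both lists corresponds to the browser error quoted above; a result with entries only in the weak list means the connection would work but fails the "secure enough" requirement.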