Can't log in to Foglight console using https (4265530)

Chat now with support

Live-Hilfe anfordern
Registrierung abschließen

Anmelden

Preisinformationen anfragen

Vertrieb kontaktieren

Zurück

Feedback übermittelt

Konnten Sie mithilfe dieses Artikels ein Problem lösen?

Bewertung auswählen

Titel

Can't log in to Foglight console using https
Beschreibung

Cannot access the Foglight console using https (8443).

The following message is reported in Internet Explorer (IE):

This page can't be displayed

SSL_ERROR_NO_CYPHER_OVERLAP"

The following messages are reported in Chrome:

The webpage is not available

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

A secure connection cannot be established because this site uses an upsupported protocol.

TLS 1.0, 1.1, and 1.2 are selected under the Advanced tab of the IE Internet options.

Setting “Use SSL 3.0” under the Advanced tab of the IE Internet options did not help.
Ursache

CAUSE 1

The key on the FMS was using a DHE-DSS-AES256-SHA cipher. The key on another FMS at the site that was not showing the same problem was using a AES256-SHA cipher.

CAUSE 2

The key file is missing in the key store.
Lösung
RESOLUTION 1

A self-signed certificate is being used.

The output of the "openssl s_client -connect hostname:8443 -debug -showcerts" command indicates that the protocol used by the self-signed certificate is TLSv1 and the cipher is DHE-DSS-AES256-SHA

New, TLSv1/SSLv3, Cipher is DHE-DSS-AES256-SHA

SSL-Session:

Protocol : TLSv1

Cipher : DHE-DSS-AES256-SHA
Regenerate the self-signed certificate on the FMS using RSA encryption; for more information refer to How to generate a new self-signed certificate for the Foglight Management Server (4378707).

RESOLUTION 2

The key file is missing in the keystore, only the certificate is available.
1. Please run the below command to list all keys and certificates in the tomcat.keystore:
  
  $FMS_HOME/jre/bin/keytool -keystore $FMS_HOME/config/tomcat.keystore -list -v > MyKeysList.txt
2. Now review the output file MyKeysList.txt and make sure there are 2 entries with the following entry type parameter:
  Entry type: PrivateKeyEntry
  Entry type: trustedCertEntry
3. If the privateKeyEntry is missing please generate a new key, signed it again and import the certificate afterwards. Use this command to generate the key:
  $FMS_HOME/jre/bin/keytool -keystore $FMS_HOME/config/tomcat.keystore -storepass nitrogen -alias tomcat -keyalg RSA -keysize 2048 -genkeypair -validity 365 -ext SAN=dns:servername.domain.com
Solution 4254114 provides the detailed steps to import a 3 party certificate.

Feedback übermittelt

Konnten Sie mithilfe dieses Artikels ein Problem lösen?

Bewertung auswählen

Request a KB Article

Empfohlener Inhalt

Produkt(e):: Foglight
6.1.0, 6.0.0, 5.9.8, 5.9.7, 5.9.5, 5.9.4, 5.9.3, 5.9.2, 5.7.5, 5.7.1, 5.6.11, 5.6.10, 5.6.7, 5.6.5, 5.6.4, 5.6.3, 5.6.2; Foglight for Databases
6.1.0, 6.0.0, 5.9.7, 5.9.5, 5.9.4, 5.9.3, 5.9.2; Foglight for Virtualization Enterprise Edition
8.3, 8.2, 8.0.1, 8.0, 7.2.1, 7.2, 7.1.1, 7.1, 7.0, 6.8, 6.7.1, 6.7, 6.6.2, 6.6.1, 6.6

Thema/Themen:: Configuration

Artikelhistorie:: Erstellt am: 12/5/2015
Letzte Aktualisierung am: 3/11/2025

Alle Artikel durchsuchen

Bitte w&auml;hlen Sie Ihr Produkt aus:

Damit wir Ihnen besser helfen können, geben Sie den Grund Ihres Chats an:

Empfohlene Lösungen für Ihr Problem

Can't log in to Foglight console using https (4265530)

Titel

Beschreibung

Ursache

Lösung

Leave a Comment

Bitte wählen Sie Ihr Produkt aus: