4 Replies Latest reply on Jun 14, 2016 1:45 PM by user11970052

    OBIEE and HTTPS err_ssl_protocol_error ssl_error_no_cypher_overlap

    user11970052

      Hi,

       

      I'm using OBIEE 11.1.1.6 and I want to access from Internet using the HTTPS protocol (using a self-signed certificate for DEV and a CA-signed certificate for PROD).

       

      For Test, we have created a self signed cert issuing following commands:

      1: keytool -genkey -alias parex_cert -keyalg RSA -keysize 1024 -validity 1020 -keypass parexcert -keystore identity.jks -storepass parexcert

      Answers: CN=****, OU=*****, O=*************, L=********************, ST=*************, C=****

      2: keytool -export -alias parex_cert -file root.cer -keystore identity.jks -storepass parexcert

      3: keytool -import -alias parex_cert -file root.cer -keystore trust.jks -storepass parexcert

       

      We configured bi_server domain to listen on https (port 443) and identity store and trust store are correctly used.  If we try to access with chrome, we get error (ERR_SSL_PROTOCOL_ERROR) and can't do anything.

      So happens with firefox (it gives us the error: ssl_error_no_cypher_overlap) , but if we go to "about:config" on firefox and query "security.tls.insecure_fallback_hosts" and we set "ceresm3" parameter, then we do get the certificate warning and can continue forward.

       

      Having said that, we would like to know what we must do to avoid to configure that parameter on firefox and (why we can't or) how we can access with chrome.

       

      Any recommendation? Is this problem related to self-signeds certificates? Would it happen again in PROD if I use CA-signed certificate?