Hi,
I'm using OBIEE 11.1.1.6 and I want to access from Internet using the HTTPS protocol (using a self-signed certificate for DEV and a CA-signed certificate for PROD).
For Test, we have created a self signed cert issuing following commands:
1: keytool -genkey -alias parex_cert -keyalg RSA -keysize 1024 -validity 1020 -keypass parexcert -keystore identity.jks -storepass parexcert
Answers: CN=****, OU=*****, O=*************, L=********************, ST=*************, C=****
2: keytool -export -alias parex_cert -file root.cer -keystore identity.jks -storepass parexcert
3: keytool -import -alias parex_cert -file root.cer -keystore trust.jks -storepass parexcert
We configured bi_server domain to listen on https (port 443) and identity store and trust store are correctly used. If we try to access with chrome, we get error (ERR_SSL_PROTOCOL_ERROR) and can't do anything.
So happens with firefox (it gives us the error: ssl_error_no_cypher_overlap) , but if we go to "about:config" on firefox and query "security.tls.insecure_fallback_hosts" and we set "ceresm3" parameter, then we do get the certificate warning and can continue forward.
Having said that, we would like to know what we must do to avoid to configure that parameter on firefox and (why we can't or) how we can access with chrome.
Any recommendation? Is this problem related to self-signeds certificates? Would it happen again in PROD if I use CA-signed certificate?