IMC
cancel
Showing results for 
Search instead for 
Did you mean: 

Login page SSL error after upgrade to iMC PLAT v7.3 (E0605)

SOLVED
Go to solution
denn93
Occasional Contributor

Login page SSL error after upgrade to iMC PLAT v7.3 (E0605)

Hello!

after upgrade to iMC PLAT v7.3 (E0605)  the imc is not working anymore. 

i only got this error:

This page can't be displayed

This page can't be displayed

Make sure the web address https://imc.ad.local:8443 is correct.

Look for the page with your search engine.

Refresh the page in a few minutes.

Make sure TLS and SSL protocols are enabled. Go to Tools > Internet Options > Advanced > Settings > Security

I i check in the Deployment agent Monitor everything is green and can not see any errors.  I did not get any errors when uppdating IMC to the latest version. 

Some have any ides? 

 

8 REPLIES
LindsayHill
Honored Contributor

Re: Login page SSL error after upgrade to iMC PLAT v7.3 (E0605)

Check to see if your server is listening on port 8443 (or port 443) using netstat.

denn93
Occasional Contributor

Re: Login page SSL error after upgrade to iMC PLAT v7.3 (E0605)

the server is litsning on the port.  but only gets the answer  ERR_SSL_VERSION_OR_CIPHER_MISMATCH .

if i use 8080 and http  i can reach imc and use the system.  

only get errors when trying on HTTPS.

LindsayHill
Honored Contributor

Re: Login page SSL error after upgrade to iMC PLAT v7.3 (E0605)

You'll need to investigate your server & browser combination more closely, to figure out why they can't agree. You could start by trying another browser, and using "openssl s_client" to look at what ciphers & SSL versions the server is offering, and from there figure out why your browser doesn't like those.

CCTobias
Occasional Advisor

Re: Login page SSL error after upgrade to iMC PLAT v7.3 (E0605)

100% exactly the same behaviour here

mschrein2
Frequent Advisor

Re: Login page SSL error after upgrade to iMC PLAT v7.3 (E0605)

the problem is with the $IMC/client/conf/server.xml file (this is the file which defines the http and https connectors), it is missing the ciphers for https

please open a case with hpe to get a working one

mschrein2
Frequent Advisor
Solution

Re: Login page SSL error after upgrade to iMC PLAT v7.3 (E0605)

this is how the server.xml file should look like:

 

<?xml version="1.0" encoding="utf-8" standalone="no"?><!-- Embedded iMC Web Ccontainer (Tomcat) --><Server port="8005" shutdown="SHUTDOWN">

    <!-- Listeners -->
    <Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>
    <Listener className="org.apache.catalina.core.JasperListener"/>
    <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
    <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
    <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
    <Listener className="com.h3c.imc.traceLog.iMCTraceWebListener"/>      

    <!-- Service -->
    <Service name="Catalina">

        <!-- HTTP Connector  useURIValidationHack设成"false",可以减少它对一些url的不必要的检查从而减省开销。-->
        <Connector URIEncoding="UTF-8" acceptCount="100" compressableMimeType="text/html,text/xml,text/xhtml,text/css,text/javascript,text/plain" compression="on" compressionMinSize="2048" connectionTimeout="60000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxPostSize="5242880" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" noCompressionUserAgents="gozilla, traviata" port="8080" protocol="org.apache.coyote.http11.Http11NioProtocol" redirectPort="8443" server="Server" useURIValidationHack="false"/>

        <!-- HTTPS Connector -->
        <Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="100" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA" clientAuth="false" compressableMimeType="text/html,text/xml,text/xhtml,text/css,text/javascript,text/plain" compression="on" compressionMinSize="2048" connectionTimeout="60000" disableUploadTimeout="true" enableLookups="false" keystoreFile="security/newks" keystorePass="iMCV500R001" maxHttpHeaderSize="8192" maxPostSize="5242880" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" noCompressionUserAgents="gozilla, traviata" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true" server="Server" sslProtocol="TLS"/>

        <!-- AJP Connectors, disabled in default configuration  keystoreFile="security/server.crt"
            keystorePass="1" -->
        <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->
        <!-- <Connector port="8019" protocol="AJP/1.3" scheme="https" secure="true"
            /> -->

        <!-- Engine: imcEngine -->
        <Engine defaultHost="imcHost" name="imcEngine">

            <!-- Host: imcHost -->
            <Host appBase="web/apps" autoDeploy="false" name="imcHost" server="Server" startStopThreads="10" unpackWARs="true" workDir="web/work">

                <!-- No host access log in default configuration   startStopThreads="4"  hostConfigClass="com.h3c.imc.orderHostConfig.ContextDeployOrderHostConfig"-->
                <!-- <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
                    prefix="localhost_access_log." suffix=".txt" pattern="%h %l %u %t &quot;%r&quot;
                    %s %b" /> -->

            </Host>
        </Engine>
    </Service>
</Server>

denn93
Occasional Contributor

Re: Login page SSL error after upgrade to iMC PLAT v7.3 (E0605)

I installed a new imc server to solve the problem.  

on the old server i add the:

<Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="100" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA" clientAuth="false" compressableMimeType="text/html,text/xml,text/xhtml,text/css,text/javascript,text/plain" compression="on" compressionMinSize="2048" connectionTimeout="60000" disableUploadTimeout="true" enableLookups="false" keystoreFile="security/newks" keystorePass="iMCV500R001" maxHttpHeaderSize="8192" maxPostSize="5242880" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" noCompressionUserAgents="gozilla, traviata" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true" server="Server" sslProtocol="TLS"/>

server.xml and now it works.  

On the new server the ciphers is in the server.xml .  So looks like this problem coming up when updating  to the (E0605). 

 

EMachabert
Occasional Visitor

Re: Login page SSL error after upgrade to iMC PLAT v7.3 (E0605)

Adding the CIPHER suite does the trick.

I would add that while you are editing this file you could enhance the security by disabling Poodle attack vector by adding this parameter: 

sslEnabledProtocols="TLSv1.1,TLSv1.2"

 

see CVE-2014-3566 https://support.hpe.com/hpsc/doc/public/display?docId=mmr_kc-0123277