After adding certificate to enable SSL on the UI you cannot access teh UI using https.
Assuming you have followed the steps in the OPDK Operations Guide you may still have an issue accessing
returning SSL_PROTOCOL_ERROR
The reason for this is that there is an incompatibility between OpenJDK and some linux's standard version of Network Security Services (nss). The reason is that certain cyphers (Elliptic Curve Cryptography (ECC) are not in the standard OpenJDK libraries, but are in Oracle, so that when someone tries to use https the following error(s) will be logged to start.out:
p.nettyException - Exception caught in Netty java.lang.RuntimeException: java.security.InvalidAlgorithmParameterException at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1345) ~[na:1.7.0_95] at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:519) ~[na:1.7.0_95] at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:799) ~[na:1.7.0_95] at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:767) ~[na:1.7.0_95] at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[na:1.7.0_95] Caused by: java.security.ProviderException: java.security.InvalidAlgorithmParameterException at sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:146) ~[sunec.jar:1.7.0_95] at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:704) ~[na:1.7.0_95] at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:65) ~[na:1.7.0_95] at sun.security.ssl.ServerHandshaker.setupEphemeralECDHKeys(ServerHandshaker.java:1367) ~[na:1.7.0_95] at sun.security.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:1154) ~[na:1.7.0_95] Caused by: java.security.InvalidAlgorithmParameterException: null at sun.security.ec.ECKeyPairGenerator.generateECKeyPair(Native Method) ~[sunec.jar:1.7.0_95] at sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:126) ~[sunec.jar:1.7.0_95] at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:704) ~[na:1.7.0_95] at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:65) ~[na:1.7.0_95] at sun.security.ssl.ServerHandshaker.setupEphemeralECDHKeys(ServerHandshaker.java:1367) ~[na:1.7.0_95]
To check nss version you can type:
sudo yum info nss
To resolve the issue type:
sudo yum upgrade nss
and ensure the version is at least 3.19, then restart the apigee components on that server.
Solved! Go to Solution.
Thanks for sharing @Paul
Thanks for sharing @Paul
User | Count |
---|---|
7 | |
2 | |
2 | |
1 | |
1 |