Unable to access UI using https

Not applicable

After adding certificate to enable SSL on the UI you cannot access teh UI using https.

Assuming you have followed the steps in the OPDK Operations Guide you may still have an issue accessing

returning SSL_PROTOCOL_ERROR

The reason for this is that there is an incompatibility between OpenJDK and some linux's standard version of Network Security Services (nss). The reason is that certain cyphers (Elliptic Curve Cryptography (ECC) are not in the standard OpenJDK libraries, but are in Oracle, so that when someone tries to use https the following error(s) will be logged to start.out:

p.nettyException - Exception caught in Netty
java.lang.RuntimeException: java.security.InvalidAlgorithmParameterException
	at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1345) ~[na:1.7.0_95]
	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:519) ~[na:1.7.0_95]
	at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:799) ~[na:1.7.0_95]
	at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:767) ~[na:1.7.0_95]
	at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[na:1.7.0_95]
Caused by: java.security.ProviderException: java.security.InvalidAlgorithmParameterException
	at sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:146) ~[sunec.jar:1.7.0_95]
	at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:704) ~[na:1.7.0_95]
	at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:65) ~[na:1.7.0_95]
	at sun.security.ssl.ServerHandshaker.setupEphemeralECDHKeys(ServerHandshaker.java:1367) ~[na:1.7.0_95]
	at sun.security.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:1154) ~[na:1.7.0_95]
Caused by: java.security.InvalidAlgorithmParameterException: null
	at sun.security.ec.ECKeyPairGenerator.generateECKeyPair(Native Method) ~[sunec.jar:1.7.0_95]
	at sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:126) ~[sunec.jar:1.7.0_95]
	at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:704) ~[na:1.7.0_95]
	at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:65) ~[na:1.7.0_95]
	at sun.security.ssl.ServerHandshaker.setupEphemeralECDHKeys(ServerHandshaker.java:1367) ~[na:1.7.0_95]

To check nss version you can type:

sudo yum info nss

To resolve the issue type:

sudo yum upgrade nss

and ensure the version is at least 3.19, then restart the apigee components on that server.

Solved Solved
2 1 384
1 ACCEPTED SOLUTION

1 REPLY 1

Thanks for sharing @Paul