
I am using a web application which is running in Apache Tomcat 6.0.44 and uses Oracle jre1.7u72. I've followed the steps below to sign the server certificate using a self-created CA. I followed the steps from this link.

Creation of own CA:

openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt


openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr

openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

Deleting the old certificate using the keytool command:

keytool -list -keystore <path of the keystore file> -alias aliasname -storepass password


Importing the newly created server certificate signed by own CA:

keytool -importcert -keystore <path of the keystore> -alias alias -storepass password -file server.crt

and obtained the following error: Secure Connection Failed

An error occurred during a connection to x.x.x.x. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)

Shriram
  • And what is your question? – Manuel Jul 24 '15 at 04:41
  • Can you please tell me why it is showing this error and what mistake I have made here/in the website? – Shriram Jul 24 '15 at 04:48
  • How did you obtain the secure connection? Show us some code. The error is pretty self-explanatory. – Manuel Jul 24 '15 at 04:57
  • I pasted the steps which I have done. Also, I have shared the link. What is the code you are expecting out of this? Please tell me what action is to be taken for this error. – Shriram Jul 24 '15 at 05:39
  • Are you connecting with a web browser to the server (which has the certificate you've created installed)? – Manuel Jul 24 '15 at 06:01
  • Yes, using the self-generated certificate from the above step, server.crt. – Shriram Jul 24 '15 at 06:05

1 Answer

The error

An error occurred during a connection to x.x.x.x. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)

means that the server you've set up and the browser you used to connect to the server do not have a common encryption algorithm.

You have to do either of these two things:

  1. Adapt your Apache Tomcat to support more algorithms (or more protocol versions). Read the Apache Tomcat documentation and the Tomcat and SSL documentation on how to do that.

  2. Adapt your browser. If you use, e.g., Firefox (you did not state anything, therefore I'm using a commonly used browser), check the support forum for an answer; if that does not work, try the solution from this blog. Basically you just need to change the about:config parameters and enable a few more cipher suites.

The goal is to have at least one algorithm in common on both ends - Tomcat and browser. The algorithm used should be secure enough.

Manuel
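
The overlap rule described in the answer above, as a small model. This is an added example, not code from the post, Tomcat or any browser: the function names are hypothetical, the suite lists are constructed samples, and selection by client preference order is an assumption of the model. It also applies the standard TLS rule that a certificate-authenticated suite is only usable when the server holds a private key of that type.

```python
# Added example: a model of TLS (<= 1.2) suite selection, not Tomcat or browser code.
ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]  # oldest to newest


def auth_type(suite):
    """Server key type a suite needs ('RSA', 'ECDSA', ...); None for anonymous suites."""
    last = suite.split("_WITH_")[0].rsplit("_", 1)[1]  # TLS_ECDHE_RSA -> RSA
    return None if last == "anon" else last


def negotiate(client_suites, client_versions, server_suites, server_versions, server_keys):
    """Return (version, suite, reason); version and suite are None on failure."""
    versions = [v for v in ORDER if v in client_versions and v in server_versions]
    if not versions:
        return None, None, "no common protocol version"
    # Assumption of this model: the client's preference order decides.
    shared = [s for s in client_suites if s in server_suites]
    if not shared:
        return None, None, "no common cipher suite"
    # A certificate-authenticated suite needs a matching private key on the server.
    usable = [s for s in shared if auth_type(s) is None or auth_type(s) in server_keys]
    if not usable:
        return None, None, "no private key for any shared suite"
    return versions[-1], usable[0], "ok"


# Constructed samples: real suite names, lists not captured from any browser or server.
BROWSER = ["TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
           "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
           "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
           "TLS_RSA_WITH_AES_128_CBC_SHA"]
BROWSER_VERSIONS = ["TLSv1", "TLSv1.1", "TLSv1.2"]
SERVER_MODERN = ["TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"]
SERVER_LEGACY = ["SSL_RSA_WITH_RC4_128_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA"]

if __name__ == "__main__":
    cases = {
        "modern suites, RSA key": (SERVER_MODERN, ORDER[1:], {"RSA"}),
        "legacy suites only": (SERVER_LEGACY, ORDER[1:], {"RSA"}),
        "modern suites, no private key": (SERVER_MODERN, ORDER[1:], set()),
        "SSLv3-only server": (SERVER_MODERN, ["SSLv3"], {"RSA"}),
    }
    for label, (suites, versions, keys) in cases.items():
        print(label, "->", negotiate(BROWSER, BROWSER_VERSIONS, suites, versions, keys))
```

Only the first case completes; each of the other three leaves the client and server with nothing usable in common.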