Cannot acces to localhost:8443/ejbca

Question

I'm new in ejbca and i have to install it on a virtual machine for job

    Ubuntu 20.04
    ejbca_7_4_3_2
    wildfly-18.0.0.Final
    mariadb-server version: 10.3.32-MariaDB-0ubuntu0.20.04.1 Ubuntu 20.04
    openjdk version "1.8.0_312"
    Apache Ant(TM) version 1.10.7 compiled on October 24 2019

After a few try's(and a lot of virtual machines cloned and deleted), i finally get the "build successfully" message with the commands ant runinstall and ant deploy-keystore But when i try to use the URL https://localhost:8443/ejbca/ (the certificate SuperAdmin.p12 is installed) my browser(firefox 96.0 64bits) give the message

    An error occurred during a connection to localhost:8443. Cannot communicate securely with peer: no common encryption algorithm(s).
    
    Error code: SSL_ERROR_NO_CYPHER_OVERLAP

i have this errors on my log file, the first one related with ant -q clean deployear and the last, appear every time i try to access via URL https://localhost:8443/ejbca/

    ERROR [org.jboss.as.jsf] (MSC service thread 1-1) WFLYJSF0002: Could not load JSF managed bean class: org.ejbca.ui.web.admin.peerconnector.PeerConnectorMBean

    ERROR [io.undertow.request] (default I/O-2) Closing SSLConduit after exception on handshake: javax.net.ssl.SSLHandshakeException: no cipher suites in common
      at sun.security.ssl.Alert.createSSLException(Alert.java:131)
      at sun.security.ssl.Alert.createSSLException(Alert.java:117)
      at sun.security.ssl.TransportContext.fatal(TransportContext.java:311)
      at sun.security.ssl.TransportContext.fatal(TransportContext.java:267)
      at sun.security.ssl.TransportContext.fatal(TransportContext.java:258)
      at sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuite(ServerHello.java:461)
      at sun.security.ssl.ServerHello$T12ServerHelloProducer.produce(ServerHello.java:296)
      at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:421)
      at sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1020)
      at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:727)
      at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:693)
      at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
      at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
      at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:981)
      at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:968)
      at java.security.AccessController.doPrivileged(Native Method)
      at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:915)
      at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1072)
      at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
      at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
      at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
      at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
      at java.lang.Thread.run(Thread.java:748)

Answer 1

ERROR [io.undertow.request] (default I/O-2) Closing SSLConduit after exception

Sounds like a TLS configuration issue. You will find the TLS configuration you did when configuring WildFly in the commands you ran like:

/opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=elytron/server-ssl-context=httpspriv:add(key-manager=httpsKM,protocols=["TLSv1.2"],use-cipher-suites-order=false,cipher-suite-filter="TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",trust-manager=httpsTM,need-client-auth=true)'

The result is somewhere in standalone.xml in WildFly, and you can modify it directly in WildFly. For example if you have EC keys in the server certificate while using the above RSA algorithm selection.

In server.log you should also see when WildFly starts up if there are any error in parsing the values, or keystores. Make sure that you server and client certificates have keys and algorithms that match the TLS algorithm settings, otherwise WildFly will remove those algortihms.