Highlighted
Valued Contributor.. Valued Contributor..
Valued Contributor..
16925 views

SSL - this site uses an unsupported protocol or cipher suite such as RC4 (10.20 HPNA)

After we installed domain signed CA cert on the HPNA 10.20 server keystore / truststore, and we have error on all browsers showing on the front page.

This page can’t be displayed
Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting
to https://xxxxxxx again. If this error persists, it is possible
that this site uses an unsupported protocol or cipher suite such as RC4 (link
for the details), which is not considered secure. Please contact your site
administrator.


The certs was extracted with openssl on the p7b.
openssl pkcs7 -print_certs -in ./ca.p7b -inform DER -outform PEM > all_cert.crt

 

Can anyone share some ideas please where to look at the issue?


Google the error link to:

https://social.technet.microsoft.com/Forums/windows/en-US/96a57fe1-2ea0-4e0d-b3c1-a5b5aa5b016e/unable-to-connect-to-a-specific-ssl-web-site-because-rc4-based-cipher-suite-not-sent-by-ie-11-in?forum=w7itprosecurity

Suggest:
Turn on SSLv3 / v2 (Grey out - domain policy disable). TLS 1.0/ 1.1/1.2 are on in IE .


Reason of disable:
POODLE: SSLv3 vulnerability (CVE-2014-3566)
https://access.redhat.com/articles/1232123

Tags (1)
0 Likes
3 Replies
Highlighted
Super Contributor.. Super Contributor..
Super Contributor..

I am seeing this issue now after we made our URL secured.  Does anyone have a solution?  Your assistance is greatly appreciated.

Larry

0 Likes
Highlighted
Super Contributor.
Super Contributor.

For security stuff is recommended to go directly with support.

0 Likes
Highlighted
Acclaimed Contributor.
Acclaimed Contributor.

That means that the format to extract the certificates and concecuent CA aren't on a valid format.

I suggest you use the procedure listed on the Admin Guide under ► Adding a CA-Signed Certificate to NA ◄ 

the correct commands and procedure are listed there.

Pedro A. Batista
Customer Support Engineer

If you find that this or any other post resolves your issue, please be sure to mark it as an accepted solution.
If you are satisfied with anyone’s response please remember to give them a KUDOS by clicking on the THUMB at the bottom left of the post and show your appreciation.
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.