Hi Mathieu,

Hold on, I think I can help you but not before tomorrow evening.

Hopefully someone will beat me to it...

Jacques

On 03/03/2019 at 19:00, Mathieu Lirzin wrote:
Hello,

I am facing a rather annoying issue when using OFBiz trunk on localhost
which prevents me from using my preferred Web browsers.

The issue is that some of the browsers I use or more precisely the
library used by those browsers to do the TLS handshake seems to not
accept the default certificate provided by OFBiz.  Here is the specific
error I get on Chromium:

--8<---------------cut here---------------start------------->8---
This site can’t provide a secure connection localhost uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.
--8<---------------cut here---------------end--------------->8---

Which is similar to what I have on GNU Icecat (→ Firefox)

--8<---------------cut here---------------start------------->8---
Secure Connection Failed

An error occurred during a connection to localhost:8443. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP

     The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
     Please contact the website owners to inform them of this problem.
--8<---------------cut here---------------end--------------->8---

I am using a rather exotic GNU/Linux distribution which is GuixSD so it
might be difficult for any of you to reproduce the issue. However my
guess is that the format of the OFBiz certificate is considered outdated
on my machine.  As a consequence I would like to try to upgrade that
certificate to a more recent format version.  Unfortunately I don't know
much about SSL/TLS and in particular I don't know what is the proper way
to regenerate the OFBiz certificate.

The README in “framework/base/config/” mentions the details of that
certificate but does not mention the command which has been used to
generate it.  Does anyone know how I could achieve the regeneration of
the certificate?

Thanks.
