Chrome Security Error When Accessing the Web Admin Interface

When connecting to the Web Admin using Chrome you might run into the following error and not be able to connect:

--- 
Server has a weak ephemeral Diffie-Hellman public key

ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY 
---

This error message is caused by recent updates to Google Chrome to protect against the TLS Logjam Vulnerability.  For more information on the TLS Logjam Attack, please refer to the following helpdesk article:

https://helpdesk.forumsys.com/entries/94053427

 

This article focuses on building a new SSL Termination policy to replace existing Factory SSL Termination policy found under System-->Settings-->System

 Logjam.PNG

 

Creating an SSL termination Policy

First you will need to use your own certs.  One you have the certs to use you can import these into Sentry under Resources-->PKI-->Keys

Creating an SSL Termination policy is done as follows:

  1. Go to Resources-->Security Policies-->SSL and click New
  2. Select Termination then click Next
  3. Name your policy and select the Key Pair to use
  4. Click on the link “Show cipher suites” and deselect DHE cipher suites then click Create
  5. Go to System-->Settings-->System and select the new SSL Termination policy then Save

You will now be using this SSL Termination policy when accessing the Web Admin.

0 Comments

Article is closed for comments.