I was using 6.2 and because of the announced security issues in java and mysql I upgraded to 6.2P1.
So now when I try to open the website with Chrome of FF I get this nice error:
Server has a weak ephemeral Diffie-Hellman public key
ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY Hide details This error can occur when connecting to a secure (HTTPS) server. It means that the server is trying to set up a secure connection but, due to a disastrous misconfiguration, the connection wouldn't be secure at all!
In this case the server needs to be fixed. Google Chrome won't use insecure connections in order to protect your privacy."
When I try to open it with IE the page get`s displayed but my password won't get accepted.
User+PW work fine when using the shell directly.
So great update! (At least for me) a total desaster!
Thanks for reporting the issue and sorry for any inconvenience caused. Please read through on the Issue, Cause and Solution.
1. You mentioned that the issue is occurred while upgrading from 6.2 to 6.2P1.
2. Observation was that your web browser shows that SSL/TLS handshake attempts to use a public key smaller than 1024 bits, for ephemeral Diffie-Hellman key agreement. Error: ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY.
3. You would have used latest browser with security updates that would have notified about ths CVE.
While we work towards addressing new set of Vulnerabilities, below is the solution to bring Unified Manager up and running. As we donot have the exact web browser/client system versions that you are using, we request you to confirm if the below solution works.
Login to the System as ROOT and Execute the below commands in the specified order. The steps backs-up /opt/netapp/essentials/jboss/server/onaro/deploy/jbossweb.sar/server.xml.backup and removes weaker cipher from server.xml
service ocie stop
cp /opt/netapp/essentials/jboss/server/onaro/deploy/jbossweb.sar/server.xml /opt/netapp/essentials/jboss/server/onaro/deploy/jbossweb.sar/server.xml.backup
sed 's/TLS_DHE_RSA_WITH_AES_128_CBC_SHA,//' /opt/netapp/essentials/jboss/server/onaro/deploy/jbossweb.sar/server.xml > tmp && mv -f tmp /opt/netapp/essentials/jboss/server/onaro/deploy/jbossweb.sar/server.xml
sed 's/TLS_DHE_DSS_WITH_AES_128_CBC_SHA,//' /opt/netapp/essentials/jboss/server/onaro/deploy/jbossweb.sar/server.xml > tmp && mv -f tmp /opt/netapp/essentials/jboss/server/onaro/deploy/jbossweb.sar/server.xml
service ocieau start
service ocie start
Need More Information:
1. Please provide the version of web browser you are using.
2. Did you make any modification to web browser in terms of security settting and installing any security add-ons. if Yes please specify the details.
Thanks for reporting the issue and also providing more information. As mentioned in my 2nd reply, for vApp You need to contact NetApp Customer Support to gain the root access to the Virtual Appliance. The reason is vApp is locked down system and hence Customer Support Engineer will help you in making necessary changes. Please raise support ticket.
While Opera is NOT supported browser to be used with Unified Manager product. Supported Browsers include : IE, FireFox, Chrome and Safari. Please follow below to access Unified Manager and Update your finding accordingly.
1. Firefox Latest Version.
2. In case you are using Google Chrome 45.0.2414.0 dev-m or other which is showing the error. You must first uninstall Chrome and use Google Chrome latest version 45.0.2431.0 or higher.