Using Chrome to access eDiscovery Platform user interface causes a non-secure connection error

book

Article ID: 100048450

calendar_today

Updated On:

Description

Error Message

From Chrome:
net::err_cert_weak_signature_algorithm

Cause

The SSL Root CA certificate on the server is using SHA1 as a hashing algorithm.  This is considered a weak algorithm by Chrome.

Resolution

Install a new certificate that uses SHA2 as the hashing algorithm.

  1. Open a Command Prompt either from Start > Command Prompt or Start > Run and type CMD
     
  2. Either change or create a directory where you will make your certificate request.  (e.g. D:\NewCertRequest\)
     
  3. Create a certificate signing request (CSR) by creating a new keystore that matches the name/IP address of your appliance:

    keytool -genkey -alias clearwellkey -keyalg RSA -sigalg SHA256withRSA -keystore newserver.keystore -keysize 2048

    Enter keystore password: 123456
    What is your first and last name?
    [Unknown]:     your_appliance_name
    What is the name of your organizational unit?
    [Unknown]:     your_org_unit
    What is the name of your organization?
    [Unknown]:     your_org
    What is the name of your City or Locality?
    [Unknown]:     your_city
    What is the name of your State or Province?
    [Unknown]:     your_state
    What is the two-letter country code for this unit?
    [Unknown]:     your_country_code
    Is CN=your_appliance_name, OU=your_org_unit, O=your_org,L=your_city, ST=your_state, C=your_country_code correct?
    [no]: yes

    Note: In order for eDP to recognize the new keystore, the password MUST be 123456 and the response for first and last name (CN) must be the exact DNS name or IP address that end-users will ultimately use to access the appliance. You must use the fully qualified DNS name instead of the IP address in case the IP address changes in the future. All other responses do not matter for the function of the appliance.  Replace any statements beginning with your with appropriate values.
     
  4. Create the CSR.

    keytool -certreq -alias clearwellkey -keystore newserver.keystore -file my.csr -keyalg RSA -sigalg SHA256withRSA -ext san=dns:edp-app1.edp.lab 
    Note: Replace dns:edp-app1.edp.lab with the appropriate value, as mentioned above.
  5. Import the new certificate to the keystore 

Issue/Introduction

After updating a certificate on the eDiscovery Platform (eDP) server and then attempting to access the user interface (UI) the error below is generated. However, accessing the UI via Internet Explorer does not generate the error.
Powered by Wolken Software