KB Article #177726
Certificate not found: 'Server-Cert' when accessing API Portal
Problem
When accessing API Portal home page:
https://athos/
the page does not load and the following errors are found in the Apache logs:
==> /var/log/apache2/error_log <==
[Mon Feb 15 13:17:39 2016] [error] Unknown cipher ecdhe_rsa_aes_256_sha256
[Mon Feb 15 13:17:39 2016] [error] Unknown cipher ecdhe_rsa_aes_256_sha256
[Mon Feb 15 13:17:39 2016] [error] Certificate not found: 'Server-Cert'
Cause
Wrong server certificates are present in the mod_nss SSL database (/etc/apache2/mod_nss.d/); the database holds no certificate with the nickname 'Server-Cert':
athos:~ # certutil -L -d /etc/apache2/mod_nss.d/
Certificate Nickname                    Trust Attributes
                                        SSL,S/MIME,JAR/XPI
cacert                                  CTu,u,u
athoscert                               u,u,u
athoscert                               u,u,u
Resolution
- Delete 'athoscert' certificates:
athos:~ # certutil -D -n athoscert -d /etc/apache2/mod_nss.d/
athos:~ # certutil -D -n athoscert -d /etc/apache2/mod_nss.d/
- Re-create good server certificates using:
athos:~ # certutil -S -n "Server-Cert" -s "cn=athos.lab.buch.axway.int" -c "cacert" -t "u,u,u" -m 1002 -v 120 -d /etc/apache2/mod_nss.d/
A random seed must be generated that will be used in the
creation of your key. One of the easiest ways to create a
random seed is to use the timing of keystrokes on a keyboard.
To begin, type keys on the keyboard until this progress meter
is full. DO NOT USE THE AUTOREPEAT FUNCTION ON YOUR KEYBOARD!
Continue typing until the progress meter is full:
|************************************************************|
Finished. Press enter to continue:
Generating key. This may take a few moments...
Notice: Trust flag u is set automatically if the private key is present.
- Check the certificates:
athos:~ # certutil -L -d /etc/apache2/mod_nss.d/
Certificate Nickname                    Trust Attributes
                                        SSL,S/MIME,JAR/XPI
cacert                                  CTu,u,u
Server-Cert                             u,u,u
- Restart Apache
athos:~ # service apache2 restart
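
The "Check the certificates" step as a script (an added example, not part of the original KB article): it parses `certutil -L` output and reports whether the nickname Apache asks for is missing, duplicated, or lacks the `u` flag that certutil sets when the private key is present. The function name `check_nss_nickname`, the result words and the sample listings are constructed for this example.

```shell
#!/bin/sh
# Usage on the server:
#   certutil -L -d /etc/apache2/mod_nss.d/ | check_nss_nickname Server-Cert
# Prints ok | missing | duplicate | no-private-key; exit status is 0 only for ok.
check_nss_nickname() {
    awk -v want="$1" '
        NF == 0 { next }                                  # blank line
        $1 == "Certificate" && $2 == "Nickname" { next }  # first header line
        $1 == "SSL,S/MIME,JAR/XPI" { next }               # second header line
        {
            # The trust attributes are the last field; the nickname is
            # everything before it and may itself contain spaces.
            nick = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)
            sub(/^[ \t]+/, "", nick)
            if (nick != want) next
            n++
            split($NF, t, ",")        # t[1] is the SSL trust field
            if (t[1] ~ /u/) key++     # u: private key is in the database
        }
        END {
            if (n == 0)   { print "missing";        exit 1 }
            if (n > 1)    { print "duplicate";      exit 1 }
            if (key == 0) { print "no-private-key"; exit 1 }
            print "ok"
        }'
}

# Constructed samples mirroring the listings before and after the fix.
SAMPLE_BEFORE='Certificate Nickname                    Trust Attributes
                                        SSL,S/MIME,JAR/XPI

cacert                                  CTu,u,u
athoscert                               u,u,u
athoscert                               u,u,u'

SAMPLE_AFTER='Certificate Nickname                    Trust Attributes
                                        SSL,S/MIME,JAR/XPI

cacert                                  CTu,u,u
Server-Cert                             u,u,u'

for sample in "$SAMPLE_BEFORE" "$SAMPLE_AFTER"; do
    result=$(printf '%s\n' "$sample" | check_nss_nickname "Server-Cert") || true
    echo "Server-Cert: $result"
done
```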