KB Article #177726

Certificate not found: 'Server-Cert' when accessing API Portal

Problem

When accessing the API Portal home page:

https://athos/

the page does not load and these errors are found in the Apache logs:

==> /var/log/apache2/error_log <==
[Mon Feb 15 13:17:39 2016] [error] Unknown cipher ecdhe_rsa_aes_256_sha256
[Mon Feb 15 13:17:39 2016] [error] Unknown cipher ecdhe_rsa_aes_256_sha256
[Mon Feb 15 13:17:39 2016] [error] Certificate not found: 'Server-Cert'


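Cause

The mod_nss SSL database in /etc/apache2/mod_nss.d/ contains the wrong server certificates. Apache asks for the nickname 'Server-Cert', but the database holds only two 'athoscert' entries: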

athos:~ # certutil -L -d /etc/apache2/mod_nss.d/
Certificate Nickname                         Trust Attributes
                                             SSL,S/MIME,JAR/XPI

cacert                                       CTu,u,u
athoscert                                    u,u,u
athoscert                                    u,u,u



Resolution

  • Delete the 'athoscert' certificates (the command is run twice because two entries carry that nickname):

athos:~ # certutil -D -n athoscert -d /etc/apache2/mod_nss.d/

athos:~ # certutil -D -n athoscert -d /etc/apache2/mod_nss.d/

  • Re-create a good server certificate under the nickname 'Server-Cert' using:


athos:~ # certutil -S -n "Server-Cert" -s "cn=athos.lab.buch.axway.int" -c "cacert" -t "u,u,u" -m 1002 -v 120 -d /etc/apache2/mod_nss.d/
A random seed must be generated that will be used in the
creation of your key. One of the easiest ways to create a
random seed is to use the timing of keystrokes on a keyboard.
To begin, type keys on the keyboard until this progress meter
is full. DO NOT USE THE AUTOREPEAT FUNCTION ON YOUR KEYBOARD!



Continue typing until the progress meter is full:
|************************************************************|
Finished. Press enter to continue:



Generating key. This may take a few moments...
Notice: Trust flag u is set automatically if the private key is present.


  • Check the certificates:

athos:~ # certutil -L -d /etc/apache2/mod_nss.d/
Certificate Nickname                         Trust Attributes
                                             SSL,S/MIME,JAR/XPI

cacert                                       CTu,u,u
Server-Cert                                  u,u,u

  • Restart Apache:

athos:~ # service apache2 restart
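
A pre-restart check for the condition behind this error, as an added example that is not part of the original article: it parses `certutil -L` output and reports whether the nickname Apache asks for is present exactly once and carries the `u` flag (private key present). The function names and verdict strings are assumptions; the two sample listings are the ones shown in this article.

```shell
#!/bin/sh
# Added example: check one nickname in `certutil -L` output read from stdin.
# Prints ok | missing | duplicate | no-private-key; returns 0 only for ok.
check_nickname() {
    verdict=$(awk -v want="$1" '
        # Entry lines end in a trust triple such as "CTu,u,u"; headers do not.
        $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            nick = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)   # strip the trust column
            sub(/^[ \t]+/, "", nick)                # strip leading blanks
            if (nick != want) next
            n++
            split($NF, trust, ",")
            if (trust[1] ~ /u/) keyed++             # "u" in the SSL field: private key present
        }
        END {
            if (n == 0)          print "missing"
            else if (n > 1)      print "duplicate"
            else if (keyed == 0) print "no-private-key"
            else                 print "ok"
        }')
    printf '%s\n' "$verdict"
    [ "$verdict" = ok ]
}

# Hypothetical wrapper for a live database:
#   check_db /etc/apache2/mod_nss.d/ Server-Cert
check_db() { certutil -L -d "$1" | check_nickname "$2"; }

# Listings as shown in this article, before and after the fix.
BROKEN_LISTING='Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI

cacert CTu,u,u
athoscert u,u,u
athoscert u,u,u'
FIXED_LISTING='Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
cacert CTu,u,u
Server-Cert u,u,u'

printf 'before: %s\n' "$(printf '%s\n' "$BROKEN_LISTING" | check_nickname Server-Cert)"
printf 'after:  %s\n' "$(printf '%s\n' "$FIXED_LISTING" | check_nickname Server-Cert)"
```

A `duplicate` verdict matters as much as `missing`: two entries under one nickname leave it ambiguous which certificate the server will present.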