Posts tagged ssl

NetScaler VPX and the “ssl_error_no_cypher_overlap”

If your management gui is not able to use SSL, or In order to fix the ssl_error_no_cypher_overlap error with the netscaler VPX

access your netscaler via http://yournsip/

Go to “Load Balancing” -> Services -> Internal Services

Open up the nshttps-127.0.0.1-443 service

Click over to the SSL Settings tab and click on the Ciphers button

Remove all ciphers and add “DEFAULT” under the “Configured Ciphers Group”

Do the same exact procedure for the nsrpcs-127.0.0.1-3008

After you click on, Hit the Save button, and try to connect to your NSIP with https

Facebook Twitter Email Linkedin Digg Delicious

Convert a PKCS#12 file (pfx) containing a private key and certificates to PEM

Need to add an existing SSL Cert to Apache or some Linux Based Appliance?

It’s easy, in a few simple steps…

Using OpenSSL, issue these commands:

This will output a PEM file that contains both the certificate and the private key

You can add -nocerts to only output the private key or add -nokeys to only output the certificates.

This is how i create the separate files for Jboss, Using -nocerts and -nokeys is how I create separate files for Jboss and Apache

Facebook Twitter Email Linkedin Digg Delicious

Solving the “sun.security.validator.ValidatorException: PKIX path building failed” Error

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

If you are here is because you got that error above and you are trying to figure out why, and how to solve it…

well, im here to help you get it solved fast so you can get back to whatever it is you were doing before you looked this up 🙂

  1. Get a copy of the .cer file, either right from the server you are trying to access, or by installing it to your machine then exporting it
  2. Get Portecle and Run it
  3. From Inside Portecle, click on “Open Keystore File”, find the cacert file for your Java installation (In my case it is C:\Program Files\Java\jre1.6.0_07\lib\security\cacerts)
  4. When prompted for a password, it will probably be one of the defaults, I used “changeit”
  5. Click on “Import Trusted Certificate”, find the .cer file from step 1, add it, agree to everything (specially if its a self signed cert)
  6. Hit the save button, and voila, your ssl’ing away

Note: If you have a jssecacerts file in your security folder, java will always look at the jssecacerts file first and Ignore your cacerts file, so you must get rid of the jssecacerts file before java will look at cacerts

Facebook Twitter Email Linkedin Digg Delicious
Go to Top