Troubleshooting
Problem
After you replace the keystore for DOORS Web Access, accessing DOORS Web Access results in SSL_ERROR_NO_CYPHER_OVERLAP error.
Symptom
Accessing DOORS Web Access results in the following page
Cause
The keystore is not created with Signature algorithm SHA256withRSA.
Diagnosing The Problem
Check the Signature algorithm used for the keystore by running the following command:
keytool -list -v -keystore <keystore-file>
In the following example, the Signature algorithm is SHA256withDSA
C:\IBM\jre\bin>keytool -list -v -keystore MyDWAKey.keystore
Enter keystore password:
Keystore type: jks
Keystore provider: IBMJCE
Your keystore contains 1 entry
Alias name: mydwakey
Creation date: 15/11/2022
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Howard, OU=IBM, O=IBM, L=Sydney, ST=NSW, C=AU
Issuer: CN=Howard, OU=IBM, O=IBM, L=Sydney, ST=NSW, C=AU
Serial number: 33b4dba4
Valid from: 15/11/22 2:54 PM until: 13/02/23 2:54 PM
Certificate fingerprints:
MD5: CF:2D:1F:DE:3E:2D:2A:94:28:B6:1C:8D:07:97:CF:AB
SHA1: 93:15:F0:71:BD:94:D8:2B:2A:AE:CE:9B:64:91:6E:B3:10:2F:37:4A
SHA256: EC:A9:4B:F0:03:DE:0B:B2:33:81:36:86:B7:B1:38:90:01:EA:04:AD:66:64:BE:4B:77:A9:5B:ED:65:25:1F:DE
Signature algorithm name: SHA256withDSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: de 81 67 e8 16 d7 2b 0f 59 53 cd 1b 5c 84 2b 81 ..g.....YS......
0010: 67 ab 62 f8 g.b.
]
]
*******************************************
*******************************************
Resolving The Problem
Generate the keystore with Signature algorithm SHA256withRSA.
The key algorithm can be specified by adding -keyalg RSA when you use keytool to generate the keystore.
For example,
keytool -genkey -alias MyDWAKey -keyalg RSA -keystore MyDWAKey.keystore
After the keystore is created with -keyalg RSA, check the keystore, and make sure that the Signature algorithm is SHA256withRSA.
C:\IBM\jre\bin>keytool -list -v -keystore MyDWAKey.keystore
Enter keystore password:
Keystore type: jks
Keystore provider: IBMJCE
Your keystore contains 1 entry
Alias name: mydwakey
Creation date: 15/11/2022
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Howard, OU=IBM, O=IBM, L=Sydney, ST=NSW, C=AU
Issuer: CN=Howard, OU=IBM, O=IBM, L=Sydney, ST=NSW, C=AU
Serial number: 72c1a60c
Valid from: 15/11/22 2:54 PM until: 13/02/23 2:54 PM
Certificate fingerprints:
MD5: F1:36:B7:A5:01:A5:16:92:02:39:18:0E:B6:D2:CC:FD
SHA1: 62:39:FB:AD:DF:64:BD:66:77:02:86:7A:CD:A4:EA:12:1F:02:1F:83
SHA256: 53:59:73:AA:5E:29:0C:3C:34:1C:8A:E0:CB:9B:89:BF:E4:EC:A0:B8:B3:89:0C:43:3F:0A:8C:30:E2:24:3C:78
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: fa 72 f2 75 dc 1a eb 8a cd 94 03 a1 ae 31 21 1d .r.u.........1..
0010: 25 3c 0f 00 ....
]
]
*******************************************
*******************************************
Note:
After you use this keystore to start DWA, accessing DWA with Firefox will get MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT.
One can click "Accept the Risk and Continue".
To get rid of MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT message, one needs to purchase a CA signed certificate.
Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSYQCV","label":"IBM Engineering Requirements Management DOORS Web Access"},"ARM Category":[{"code":"a8m50000000CiqdAAC","label":"DOORS-\u003EDOORS Web Access (DWA)"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Product Synonym
DWA
Was this topic helpful?
Document Information
Modified date:
05 December 2022
UID
ibm16839435