Symptom
When using the Introscope Enterprise Manager web based workstatiopn without the standard HTTP port (for instance using port 8444) the browsers do not support the used cipher from the em-jetty-config.xml file.
Environment
Solution Manager 7.1 SP15
CA Introscope Enterprise Manager 10.1.0.15
Reproducing the Issue
- Disable the standard HTTP port (8081) used by the Web Based Workstation.
- Activate port 8444 from the em-jetty-config.xml file.
- Observe that the EM workstation will launch when a weak cipher is set i.e. using a 128 algorithm.
- Try launching the EM workcenter using a stronger cipher i.e. 256 and above and you will get an error similar to:
"2/07/17 08:00:00.842 AM CET [ERROR] [main] [Manager.EMWebServer] The EM Webstart service could not be started :Cannot support TLS_DHE_DSS_WITH_AES_256_CBC_SHA with currently installed providers"
Cause
The complete SSL\TLS support in Introscope including the set of supported ciphers is standard Java functionality.
It is not anything Introscope specific, which means a positive outcome depends on the underlying JRE/JDK being used.
Resolution
First of all check that the JRE installed as part of the Introscope Enterprise Manager is fully equipped with the ""Unlimited Strength Jurisdiction Policy".
Check this link for information on this policy:
http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
Secondly, please test by downloading a current Java 8 runtime and running it with the Enterprise Manager, please remember to add the policy files again.
See Also
N\A
Keywords
Solution Manager Introscope Cipher HTTP Web Based Workstation EM-Jetty-Config.XML , KBA , SV-SMG-DIA-WLY , Solution Manager / Introscope Integration , Problem