Chrome recently updated to version 45 and now disallows connections to HTTPS sites with DH (Diffie-Hellman) keys smaller than 1024 bits.
This caused me an issue when attempting to connect to a local test vRA instance to in turn access the vRO console. Fortunately, there is a way round it.
- To be able to get to the vRealize Orchestrator home/configuration pages from Chrome 45+
Infrastructure setup in this example
- vRealize Orchestrator is embedded within the vRealize Automation appliance
- Accessing with Chrome 45+
- You have root SSH access to your vRO (in this case the vRA Appliance)
Steps to success
- Log into the vRealize Appliance as root
- Make backup copies of the following files
/etc/vco/app-server/server.xml (vRO server)
/etc/vco/configuration/server.xml (vRO configurator)
cp /etc/vco/app-server/server.xml /etc/vco/app-server/server.xml.old
cp /etc/vco/configuration/server.xml /etc/vco/configuration/server.xml.old
- Edit both files and remove the four "DHE" entries from the "ciphers" section
scheme="https" secure="true" sslProtocol="TLS" strategy="ms"
The resultant ciphers section should look like this:
scheme="https" secure="true" sslProtocol="TLS" strategy="ms" ciphers="TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA"/>
After removal of the insecure ciphers, you may need to restart vRO. You should then be able to connect to the vRO appliance using Chrome 45+.
NOTE: Once the editing has been completed, remember to save the file
- Restart the vRO service
service vco-server restart
NOTE: The service restarts fairly quickly, but takes a few minutes to be available via the URL
- You can now access the vCO URL as normal
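The edit in the steps above can be scripted. The following is an added example, not part of the original post or of any VMware tooling: it removes every suite whose name starts with TLS_DHE_ or SSL_DHE_ from a ciphers attribute, keeps a .old backup as in the backup step, and refuses to write an empty cipher list. The function names, the assumption that the attribute sits on one line, and the sample connector are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes the ciphers="..." attribute sits on a single line.

strip_dhe() {   # $1 = server.xml path; filtered XML goes to stdout
    awk '
    match($0, /ciphers="[^"]*"/) {
        start = RSTART; len = RLENGTH
        n = split(substr($0, start + 9, len - 10), suites, ",")
        kept = ""
        for (i = 1; i <= n; i++) {
            s = suites[i]
            gsub(/^[ \t]+|[ \t]+$/, "", s)          # trim padding around a name
            # Anchored prefix: TLS_ECDHE_* names do not match and are kept.
            if (s ~ /^(TLS|SSL)_DHE_/) continue
            kept = kept (kept == "" ? "" : ",") s
        }
        if (kept == "") { empty = 1; exit }         # nothing would be left
        $0 = substr($0, 1, start - 1) "ciphers=\"" kept "\"" substr($0, start + len)
    }
    { print }
    END { if (empty) exit 1 }
    ' "$1"
}

fix_file() {    # $1 = server.xml path; edits in place, backup in $1.old
    tmp="$1.new.$$"
    [ -e "$1.old" ] || cp -p "$1" "$1.old" || return 1   # keep the first backup
    if strip_dhe "$1" > "$tmp"; then
        cat "$tmp" > "$1" && rm -f "$tmp"                # cat preserves owner and mode
    else
        rm -f "$tmp"
        echo "$1: only DHE suites listed, file left unchanged" >&2
        return 1
    fi
}

demo() {        # constructed sample; suite names are illustrative, not the appliance list
    d=$(mktemp -d) || return 1
    printf '%s\n' '<Connector scheme="https" secure="true" sslProtocol="TLS"' \
        ' ciphers="TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA"/>' \
        > "$d/server.xml"
    fix_file "$d/server.xml" && grep 'ciphers=' "$d/server.xml"
    rm -rf "$d"
}
demo
```

On the appliance it would be called as `fix_file /etc/vco/app-server/server.xml` and `fix_file /etc/vco/configuration/server.xml`, followed by the service restart.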