Community discussions

MikroTik App
  4. RouterOS
  5. General

SSL encryption error when trying to access user manager

Post Reply
 
jauer
just joined
Topic Author
Posts: 7
Joined: Wed Mar 25, 2009 10:15 pm
Location: Hartford, WI
Contact:
Contact jauer

SSL encryption error when trying to access user manager

Thu Mar 26, 2009 12:31 am

Hi,
I'm getting the following error in Firefox when I try to access user manager over SSL:
Cannot communicate securely with peer: no common encryption algorithm(s).
(Error code: ssl_error_no_cypher_overlap)

I read http://forum.mikrotik.com/viewtopic.php?f=2&t=27134 and tried rebooting it but it is still stuck.

The SSL certificate was generated on a Ubuntu Linux machine with OpenSSL version "0.9.8g 19 Oct 2007" following the directions on http://wiki.mikrotik.com/wiki/User_Mana ... n_enabling
This is on a RB450 initially running 3.22 and now running 4.0beta2 (wanted to see if upgrading fixed it)
The certificate was signed by GeoTrust RapidSSL.

I've tried using a encrypted key and also decrypting the key before putting it on the router.
Code: Select all
adminuser@mke-hsgate1] > /certificate print
Flags: K - decrypted-private-key, Q - private-key, R - rsa, D - dsa
 0 QR name="cert1" subject=C=US,O=mke-hsgate1.netwurx.net,OU=GT44209601,OU=See http://www.rapidssl.com,resources,cps (c)09,OU=Domain Control
                         Validated - RapidSSL(R),CN=mke-hsgate1.netwurx.net
      issuer=C=US,O=Equifax Secure Inc.,CN=Equifax Secure Global eBusiness CA-1 serial-number="0B1E11"
      invalid-before=mar/25/2009 15:22:54 invalid-after=mar/26/2010 15:22:54 ca=no

[adminuser@mke-hsgate1] > /ip service print
Flags: X - disabled, I - invalid
 #   NAME                               PORT  ADDRESS            CERTIFICATE
=SNIP=
 4   www-ssl                            443   0.0.0.0/0          cert1
=SNIP=
Any suggestions?
Top
 
User avatar
nest
Forum Veteran
Forum Veteran
Posts: 823
Joined: Tue Feb 27, 2007 1:52 am
Location: UK
Contact:
Contact nest

Re: SSL encryption error when trying to access user manager

Mon Mar 30, 2009 3:45 am

Well, I just tried and you have http on port 80 alive and well, am able to see webbox and usermanager. But no response at all from your server on port 443 for SSL.
I would check for any firewall blocking that maybe going on? Either on your Mikrotik or further upstream? Or have you recently turned off www-ssl as it wasn't working?!
Top
 
jauer
just joined
Topic Author
Posts: 7
Joined: Wed Mar 25, 2009 10:15 pm
Location: Hartford, WI
Contact:
Contact jauer

Re: SSL encryption error when trying to access user manager

Mon Apr 06, 2009 10:55 am

I had www-ssl disabled for a few days.

Just to be sure I copy-pasted the openssl commands from the User Manager Wiki page and the problem still occurs.

Trying to connect with the openssl client returns a handshake failure.
Code: Select all
~$ openssl s_client -connect mke-hsgate1.netwurx.net:443
CONNECTED(00000003)
22579:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:578:
Top
 
User avatar
nest
Forum Veteran
Forum Veteran
Posts: 823
Joined: Tue Feb 27, 2007 1:52 am
Location: UK
Contact:
Contact nest

Re: SSL encryption error when trying to access user manager

Sat Apr 11, 2009 4:23 pm

Can you re-enable www-ssl so I can test?
Top
 
jauer
just joined
Topic Author
Posts: 7
Joined: Wed Mar 25, 2009 10:15 pm
Location: Hartford, WI
Contact:
Contact jauer

Re: SSL encryption error when trying to access user manager

Wed Apr 15, 2009 7:54 pm

Yes. I've left it enabled.

Also to rule out OpenSSL generating a corrupt cert I've generated another self-signed cert using OpenSSL 0.9.8j on a Solaris 10 box.

This box isn't doing anything else so I can put a different version of RouterOS on it if there is one you think will work better.
Top
 
jauer
just joined
Topic Author
Posts: 7
Joined: Wed Mar 25, 2009 10:15 pm
Location: Hartford, WI
Contact:
Contact jauer

Re: SSL encryption error when trying to access user manager

Sat Apr 25, 2009 4:19 am

I'm working around this by using a PC instead of a RB450.

I initially installed 4.0beta2 and it wouldn't handle the certificate key properly.

I got it to work by clearing the cert, downgrading to 3.23, installing the cert and testing SSL, and then upgrading back to 4.0beta2.
Top
 
User avatar
chimaster
Member Candidate
Member Candidate
Posts: 133
Joined: Tue Feb 07, 2006 8:54 am
Location: Queenstown
Contact:
Contact chimaster

Re: SSL encryption error when trying to access user manager

Wed Sep 29, 2010 10:02 am

Hi All,

Realise this is an old post, but I've just encountered the same issue. Looking at moving my hotspots to signed SSL login pages but get this same error.

Secure Connection Failed
An error occurred during a connection to mydomain.co.nz.

Cannot communicate securely with peer: no common encryption algorithm(s).

(Error code: ssl_error_no_cypher_overlap)

Anyone come up with a solution?
Top
 
mkhallaf
just joined
Posts: 4
Joined: Thu Nov 01, 2012 5:46 pm

Re: SSL encryption error when trying to access user manager

Thu Nov 01, 2012 5:51 pm

All docs are wrong (applies to v5.21)

do this with openssl:

openssl genrsa -out mikroTik.ca.key.pem 2048
openssl req -new -x509 -nodes -days 9999 -key mikroTik.ca.key.pem -out mikroTik.ca.cert.pem

Drag and drop both files into winBox, then import both files. Cert will show up with KR flag.
Use it for www-ssl and you are done. No fuss!
Top
Post Reply
  4. RouterOS
  5. General