SSL encryption error when trying to access user manager

Posted: Thu Mar 26, 2009 12:31 am
by jauer
Hi,
I'm getting the following error in Firefox when I try to access user manager over SSL:
Cannot communicate securely with peer: no common encryption algorithm(s).
(Error code: ssl_error_no_cypher_overlap)

I read http://forum.mikrotik.com/viewtopic.php?f=2&t=27134 and tried rebooting it but it is still stuck.

The SSL certificate was generated on an Ubuntu Linux machine with OpenSSL version "0.9.8g 19 Oct 2007" following the directions on http://wiki.mikrotik.com/wiki/User_Mana ... n_enabling
This is on an RB450 initially running 3.22 and now running 4.0beta2 (wanted to see if upgrading fixed it).
The certificate was signed by GeoTrust RapidSSL.

I've tried using an encrypted key and also decrypting the key before putting it on the router.
[adminuser@mke-hsgate1] > /certificate print
Flags: K - decrypted-private-key, Q - private-key, R - rsa, D - dsa
 0 QR name="cert1" subject=C=US,O=mke-hsgate1.netwurx.net,OU=GT44209601,OU=See http://www.rapidssl.com,resources,cps (c)09,OU=Domain Control
                         Validated - RapidSSL(R),CN=mke-hsgate1.netwurx.net
      issuer=C=US,O=Equifax Secure Inc.,CN=Equifax Secure Global eBusiness CA-1 serial-number="0B1E11"
      invalid-before=mar/25/2009 15:22:54 invalid-after=mar/26/2010 15:22:54 ca=no

[adminuser@mke-hsgate1] > /ip service print
Flags: X - disabled, I - invalid
 #   NAME                               PORT  ADDRESS            CERTIFICATE
=SNIP=
 4   www-ssl                            443   0.0.0.0/0          cert1
=SNIP=
Any suggestions?

Re: SSL encryption error when trying to access user manager

Posted: Mon Mar 30, 2009 3:45 am
by nest
Well, I just tried and you have http on port 80 alive and well, am able to see webbox and usermanager. But no response at all from your server on port 443 for SSL.
I would check for any firewall blocking that may be going on? Either on your Mikrotik or further upstream? Or have you recently turned off www-ssl as it wasn't working?!

Re: SSL encryption error when trying to access user manager

Posted: Mon Apr 06, 2009 10:55 am
by jauer
I had www-ssl disabled for a few days.

Just to be sure I copy-pasted the openssl commands from the User Manager Wiki page and the problem still occurs.

Trying to connect with the openssl client returns a handshake failure.
~$ openssl s_client -connect mke-hsgate1.netwurx.net:443
CONNECTED(00000003)
22579:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:578:

Re: SSL encryption error when trying to access user manager

Posted: Sat Apr 11, 2009 4:23 pm
by nest
Can you re-enable www-ssl so I can test?

Re: SSL encryption error when trying to access user manager

Posted: Wed Apr 15, 2009 7:54 pm
by jauer
Yes. I've left it enabled.

Also to rule out OpenSSL generating a corrupt cert I've generated another self-signed cert using OpenSSL 0.9.8j on a Solaris 10 box.

This box isn't doing anything else so I can put a different version of RouterOS on it if there is one you think will work better.

Re: SSL encryption error when trying to access user manager

Posted: Sat Apr 25, 2009 4:19 am
by jauer
I'm working around this by using a PC instead of a RB450.

I initially installed 4.0beta2 and it wouldn't handle the certificate key properly.

I got it to work by clearing the cert, downgrading to 3.23, installing the cert and testing SSL, and then upgrading back to 4.0beta2.

Re: SSL encryption error when trying to access user manager

Posted: Wed Sep 29, 2010 10:02 am
by chimaster
Hi All,

Realise this is an old post, but I've just encountered the same issue. Looking at moving my hotspots to signed SSL login pages but get this same error.

Secure Connection Failed
An error occurred during a connection to mydomain.co.nz.

Cannot communicate securely with peer: no common encryption algorithm(s).

(Error code: ssl_error_no_cypher_overlap)

Anyone come up with a solution?

Re: SSL encryption error when trying to access user manager

Posted: Thu Nov 01, 2012 5:51 pm
by mkhallaf
All docs are wrong (applies to v5.21)

Do this with openssl:

openssl genrsa -out mikroTik.ca.key.pem 2048
openssl req -new -x509 -nodes -days 9999 -key mikroTik.ca.key.pem -out mikroTik.ca.cert.pem

Drag and drop both files into WinBox, then import both files. Cert will show up with KR flag.
Use it for www-ssl and you are done. No fuss!
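
An added example, not part of any post in this thread: a Python check over saved `/certificate print` and `/ip service print` output that reports when the certificate bound to www-ssl lacks the K (decrypted-private-key) flag, which is the difference between the QR listing in the first post and the KR flag reported in the last one. The sample output is constructed, and treating K as the deciding flag is an assumption drawn from those two posts.

```python
import re

# Constructed sample, modelled on the RouterOS output quoted in this thread.
CERT_PRINT = """\
Flags: K - decrypted-private-key, Q - private-key, R - rsa, D - dsa
 0 QR name="cert1" subject=C=US,CN=router.example.net
      issuer=C=US,CN=Example CA serial-number="0B1E11"
 1 KR name="cert2" subject=CN=router.example.net
      issuer=CN=router.example.net
"""
SERVICE_PRINT = """\
Flags: X - disabled, I - invalid
 #   NAME      PORT  ADDRESS     CERTIFICATE
 3   www       80    0.0.0.0/0
 4   www-ssl   443   0.0.0.0/0   cert1
"""

def parse_certs(text):
    """Map certificate name -> set of flag letters from '/certificate print'."""
    certs = {}
    for line in text.splitlines():
        m = re.match(r'\s*\d+\s+([KQRD]*)\s*name="([^"]+)"', line)
        if m:
            certs[m.group(2)] = set(m.group(1))
    return certs

def service_cert(text, service="www-ssl"):
    """Return the certificate name bound to an enabled service, or None."""
    pattern = r'\s*\d+\s+([XI]*)\s*(\S+)\s+(\d+)\s+(\S+)(?:\s+(\S+))?\s*$'
    for line in text.splitlines():
        m = re.match(pattern, line)
        if m and m.group(2) == service and "X" not in m.group(1):
            return m.group(5)
    return None

def check_tls_service(cert_text, service_text, service="www-ssl"):
    """Return (ok, reason) for the certificate bound to the service."""
    name = service_cert(service_text, service)
    if name is None:
        return False, f"{service} is disabled or has no certificate"
    flags = parse_certs(cert_text).get(name)
    if flags is None:
        return False, f"certificate {name!r} not found"
    if "K" not in flags:
        return False, f"{name!r} has flags {''.join(sorted(flags))}: private key not decrypted"
    return True, f"{name!r} has a decrypted private key"

if __name__ == "__main__":
    print(check_tls_service(CERT_PRINT, SERVICE_PRINT))
```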