Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1019
Views
5
Helpful
5
Replies

How do I gain access to my CSP Collector Server now that my Browsers have been updated to the latest versions and no longer support the old HTTPS certificate?

alexander.scotland
Level 1
Level 1

‎09-30-2015 12:16 PM

We deployed in the 1.x portal and successfully migrated to 3.x. We are at the point where we need to update whats being collected and access the collector software, however, when we, as registered users, try to log into the collector we get an error message saying "Server has a weak ephemeral Diffie-Hellman public key." 

 

How can we fix this and access the collector? This is very frustrating...

 

Unfortunately, I cannot open a service request at this time.

 

 

Labels:
Preview file
64 KB
0 Helpful
5 Replies 5

saarbaug
Cisco Employee
Cisco Employee

‎10-02-2015 04:54 PM

Hi Alexander,

We moved your question to the Smart Net Total Care community now so that a peer or Cisco expert can see it and respond. Feel free to save the link to this community and come back with any other questions you may have.

Apologies for the confusion with the choices of communities to post in (I have reported the issue already and will follow up for a fix) but now you are in the right community and your question will be answered soon. In the meantime, please let me know if you had other questions but was not able to post here and I will post them for you.

Welcome to the community!  

Best,

Sandra 

Regards, Sandra Kindly remember to mark questions as answered and please rate posts and answers if you find them helpful.
0 Helpful

Lynden Price
Cisco Employee
Cisco Employee

‎10-07-2015 06:14 AM

Hi Alexander,

This workaround only works in Firefox 39 or higher. Here is what you can do:

1) Navigate to "about:config" by entering it into the URL bar

2) Click accept

3) Search for "security.ssl3.dhe_rsa_aes" in the search bar on this page (not the firefox search bar)

4) Check both of those values to false

This is bypass the security check that Firefox does for logjam. Since this is a server internal to your network, it shouldn't pose a problem. Please remember to turn it back on once you've gathered the necessary data from the collector. The newest version of the collector image (2.5) does not have this issue. You should deploy that when possible.

Thanks,
Lynden

alexander.scotland
Level 1
Level 1
In response to Lynden Price

‎10-07-2015 07:53 AM

Thanks Lynden. How do I deploy the newest version 2.5?

 

Alexander 

0 Helpful

Lynden Price
Cisco Employee
Cisco Employee
In response to alexander.scotland

‎10-07-2015 07:56 AM

It's actually due to be released soon, but as a new OVA. For now, you can grab your managed device list, credentials, and user accounts from your current collector, and then it should be easy to import those into the new one once you've hosted the OVA.

I can give you more details on how to do that if you have any questions.

Thanks,

Lynden

0 Helpful

Oussama Mbarek
Level 1
Level 1

‎11-04-2015 04:13 AM

Try to use internet explorer, it works for me

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents