Upcoming Maintenance Alert:

The UBNT Community will be upgraded at 5pm MDT on April 25th. During this time the community forums will be set to read-only status.

Learn more

×
Reply
Ubiquiti Employee
Posts: 2,616
Registered: ‎06-18-2015
Kudos: 842
Solutions: 231

Re: Server has a weak ephemeral Diffie-Hellman public key

Hi Rob,

 

What gateway specifically are you using?  We tried the PayPal Website Payments Pro and didn't receive a weak ephemeral key error?

UBNT_Alternate_Logo.png
Ubiquiti Networks Enterprise Support Team

Check out our ever-evolving Help Center for answers to many common questions!

Ubiquiti Employee
Posts: 2,616
Registered: ‎06-18-2015
Kudos: 842
Solutions: 231

Re: Server has a weak ephemeral Diffie-Hellman public key

@FreenetAntennas, never mind, found your other thread!

UBNT_Alternate_Logo.png
Ubiquiti Networks Enterprise Support Team

Check out our ever-evolving Help Center for answers to many common questions!

New Member
Posts: 16
Registered: ‎01-24-2014
Kudos: 2

Re: Server has a weak ephemeral Diffie-Hellman public key

These entries worked for me:

 

unifi.https.ciphers=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA
unifi.https.sslEnabledProtocols=TLSv1.2

 

-Seann

New Member
Posts: 8
Registered: ‎05-02-2017

Re: Server has a weak ephemeral Diffie-Hellman public key

[ Edited ]

Unfortunately none of the above suggestions worked ... Having recently installed Unifi Controller 5 with Java 8 on Synology latest DSM. It worked for a few days but now since a week it does not work anymore.

 

Edit: a new update of DSM today and now the Controller takes two start-commands before it is started, and still the same problem. I'm starting to loose hope here

New Member
Posts: 16
Registered: ‎01-24-2014
Kudos: 2

Re: Server has a weak ephemeral Diffie-Hellman public key

I figured out how to self-sign a UniFi controller certificate:

 

# Make certificate request
java -jar lib/ace.jar new_cert unifi.example.com example.com "Colorado Springs" CO US

# Sign certificate request
openssl x509 -req -days 3650 -in data/unifi_certificate.csr.pem -CA /var/ssl/cacert.pem -CAkey /var/ssl/private/cakey.pem -CAcreateserial -out data/unifi.crt

# Import signed certificate
java -jar lib/ace.jar import_cert data/unifi.crt /var/ssl/cacert.pem

 

Your mileage may vary.

New Member
Posts: 8
Registered: ‎05-02-2017

Re: Server has a weak ephemeral Diffie-Hellman public key

With the update of Java 8 from v121 to v151 my controller started working again.

Reply