Reply
Ubiquiti Employee
Posts: 3,941
Registered: ‎06-18-2015
Kudos: 1191
Solutions: 360

Re: Server has a weak ephemeral Diffie-Hellman public key

Hi Rob,

 

What gateway specifically are you using?  We tried the PayPal Website Payments Pro and didn't receive a weak ephemeral key error?

UBNT_Alternate_Logo.png
Ubiquiti Networks Enterprise Support Team


UniFi Protect: UniFi Protect Help Center | Frequently Asked Questions

UniFi Video 3: UniFi Video Help Center | UFV3 User Guide


Ubiquiti Employee
Posts: 3,941
Registered: ‎06-18-2015
Kudos: 1191
Solutions: 360

Re: Server has a weak ephemeral Diffie-Hellman public key

@UBWH_Australia, never mind, found your other thread!

UBNT_Alternate_Logo.png
Ubiquiti Networks Enterprise Support Team


UniFi Protect: UniFi Protect Help Center | Frequently Asked Questions

UniFi Video 3: UniFi Video Help Center | UFV3 User Guide


New Member
Posts: 16
Registered: ‎01-24-2014
Kudos: 2

Re: Server has a weak ephemeral Diffie-Hellman public key

These entries worked for me:

 

unifi.https.ciphers=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA
unifi.https.sslEnabledProtocols=TLSv1.2

 

-Seann

New Member
Posts: 8
Registered: ‎05-02-2017

Re: Server has a weak ephemeral Diffie-Hellman public key

[ Edited ]

Unfortunately none of the above suggestions worked ... Having recently installed Unifi Controller 5 with Java 8 on Synology latest DSM. It worked for a few days but now since a week it does not work anymore.

 

Edit: a new update of DSM today and now the Controller takes two start-commands before it is started, and still the same problem. I'm starting to loose hope here

New Member
Posts: 16
Registered: ‎01-24-2014
Kudos: 2

Re: Server has a weak ephemeral Diffie-Hellman public key

I figured out how to self-sign a UniFi controller certificate:

 

# Make certificate request
java -jar lib/ace.jar new_cert unifi.example.com example.com "Colorado Springs" CO US

# Sign certificate request
openssl x509 -req -days 3650 -in data/unifi_certificate.csr.pem -CA /var/ssl/cacert.pem -CAkey /var/ssl/private/cakey.pem -CAcreateserial -out data/unifi.crt

# Import signed certificate
java -jar lib/ace.jar import_cert data/unifi.crt /var/ssl/cacert.pem

 

Your mileage may vary.

New Member
Posts: 8
Registered: ‎05-02-2017

Re: Server has a weak ephemeral Diffie-Hellman public key

With the update of Java 8 from v121 to v151 my controller started working again.

Reply