OL, OVM: Connection Fails; "openssl: SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small"
(Doc ID 2277028.1)
Last updated on AUGUST 04, 2018
Applies to:Linux OS - Version Oracle Linux 6.0 and later
Examining The Certificate Offered By A Web Site
The key size used by a web site can be seen like this:
$ openssl s_client -connect "example.com:443" </dev/null 2>/dev/null | openssl x509 -text -noout
Public-Key: (256 bit)
This shows a key length indicating a certificate needing to be recreated with a longer key.
Examining A Local Certificate File
If the <certificate>.pem file is accessible, the certificate can be examined liek this:
$ openssl dhparam -inform PEM -in my-cert=dhparam.pem -check -text | fgrep 'DH Parameters'
Encountering A Run-time Error
After upgraded openssl to version openssl-1.0.1e-57.el6.x86_64, a client application reports the error:
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document
|Examining The Certificate Offered By A Web Site|
|Examining A Local Certificate File|
|Encountering A Run-time Error|
|How To Generate A Certificate With An Acceptable Key|