vRealize Orchestrator ERR_SSL_WEAK_EPHEMERAL_DH_KEY error

Yesterday while validating a vRealize Orchestrator (vRO) deployment on a PSO engagement with my colleague Matthew Bunce (link), we got this weird error when we tried to open the configuration page of a vRO appliance :
 

vRealize Orchestrator
 

So what has changed? Why didn’t we got this error before?
Ah of course Chrome has been updated (version 45)! And not only does this issue appear on Chrome but the problem seems to occur on the updated Firefox (version 40).
 

Fix the vRealize Orchestrator ERR_SSL_WEAK_EPHEMERAL_DH_KEY error

After some Google magic I came across a VMware KB (link) which pointed me in the right direction.

Open an SSH connection to the vRO appliance, and edit the file /etc/vco/app-server/server.xml
Search for the line :

And replace it with :

And do the same in the file /var/lib/vco/configuration/conf/server.xml

And finally reboot the appliance (just to be sure…)

vRealize Orchestrator

Enjoy! 🙂

UPDATE

John Milner (link) pointed out to me in his comment below, that if you are using the Windows installation, you can follow the same procedure as above but then for the file : %INSTALL_PATH%\VMware\Orchestrator\app-server\conf\server.xml

Thanks John!

Marco van Baggum

Marco van Baggum

Works as a SDDC Architect for ITQ. More details can be found on the About page

2 thoughts on “vRealize Orchestrator ERR_SSL_WEAK_EPHEMERAL_DH_KEY error

  1. Hit this as well. The above solution also works for a Windows installation, the path for Windows is :\Program Files\VMware\Orchestrator\app-server\conf\server.xml

    Thanks.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.