- Update to SystemEDGE 5.9 with the latest SRM AIM Binaries which support TLS 1.2 (Please refer to KB000036979).
- SystemEDGE 5.9 ships with Java7 as the embedded version.
- Validate Java7 supports the cipher the web page is using:
- This can be accomplished by connecting to the website using the openssl utility which is commonly found on Unix based operating systems such as Red Hat (RHEL).
- If you do no have access to a Unix based operating system refer to the following web page to download an openssl utility for Windows: https://www.openssl.org/community/binaries.html
- Run the following command against the HTTPS site causing the ERRCODE:58 error:
openssl s_client -connect <website.com>:443
4. Locate the following output which will list the Cipher being used:
SSL handshake has read 3393 bytes and written 415 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
No ALPN negotiated
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1522251405
Timeout : 300 (sec)
Verify return code: 0 (ok)
5. Check with Oracle documentation to see if Java7 (which is embedded with SystemEDGE 5.9 SRM AIM) Supports the cipher:
- Refer to the "Cipher Suites" Section:
6. If you determine you need to update to Java8 download the private instance from Oracle:
7. The steps to update the SystemEDGE SRM AIM Embedded Java is as follows:
- Stop CA SystemEDGE.
- Navigate to CA\SystemEDGE folder and make a backup copy of the jre folder.
- Replace the contents of the jre folder with the contents of the private Java8 instance referenced above.
- Start CA SystemEDGE.