Server has a weak ephemeral Diffie-Hellman public key

I have just started to look into the decommissioning of a VMware vSphere 5.0 environment for a client as they prepare to upgrade to vSphere 6.0. When I tried to log into the webclient I was faced with this screen on Chrome V45 and similar in IE11:

Diffie-Hellman error
Server has a weak ephemeral Diffie-Hellman public key ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY


After a bit of research and a good pointer from @sammcgeown I found that if I use an older browser (I tested a few but settled on Firefox 37.0.1), the error message went away and was replaced by a new issue:

RSL 2046
RSL Error Error #2046: The loaded file did not have a valid signature.

The issue is outlined in KB 2116567 The vSphere Web Client 5.0 fails to load and reports the error: Error # of 29 2046 with RSL

As there is no solution to the issue as outlined in the KB article, but I found that if you set your clock back (I changed it to Jan-2015), the issue is resolved.

vSphere 5.0 Login

There are some blog posts on how to fix the certificates but for a quick and dirty solution I hope you find this helpful!

Be First to Comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.