Sign in using DevConnect ID

Forgot password?

Trouble logging in?

Submit a ticket for Registration Support.

I have an SSO ID

?
sign in

Don't have a DevConnect or SSO ID ?

Create a DevConnect account or join the program.

register now
^
Forum Index » Server Platform » tsapi encrypted connection   XML
 
Author Message
pnwoha



Joined: 13/02/2015 15:09:33
Messages: 205
Offline

I am trying to connected to an encypted server id. I have imported my certificate to "Trusted Root Certifaction Authorities". I have also edited my ini file to point to the cert location. However when i try to connect i get the following error: ACSERR_SSL_CONNECT_FAILED -15
MartinFlynn



Joined: 30/11/2009 05:00:18
Messages: 1463
Offline

TSAPI uses its own keystore files and does not use the Windows keystore. You will find more information on how to use this in the "Server certificate authentication" section of "Avaya Aura Application Enablement Services TSAPI and CVLAN Client and SDK Installation Guide".

Martin
pnwoha



Joined: 13/02/2015 15:09:33
Messages: 205
Offline

So we have gone through the guide and made some changes except that now we are seeing the following error: ACSERR_SSL_INIT_FAILED -14. Note that we are using tsapi driver version 6.3.3-103
MartinFlynn



Joined: 30/11/2009 05:00:18
Messages: 1463
Offline

From the TSAPI Programmers Guide, error ACSERR_SSL_INIT_FAILED (-14) is described as:

This return value indicates that a secure connection could not be opened because there was a problem initializing the OpenSSL library.

My reading of this is that the attempt may have failed even before the client tried to connect to the server. In this case, one of the changes you made has actually made your problem worse.

If I were trying to debug this, I think I would try the following two things:

1. Get a Wireshark trace on the client. Use it to check:
a. Is the client even trying to connect to the server
b. Does the client request a certificate
c. What certificate does the server send
d. What error does the client generate

2. Install the openSSL toolkit on the client and use its tools to test the connection and certificate. You can get more information on openSSL at https://www.openssl.org/

Martin
pnwoha



Joined: 13/02/2015 15:09:33
Messages: 205
Offline

thank you martin, we were using the wrong cert format, we now have it working. While I have you here, we are trying to connect dmcc to the encrypted port (4722 instead of 4721) and as soon as it tries to connect we receive a "ServerConnectionDownEvent".
MartinFlynn



Joined: 30/11/2009 05:00:18
Messages: 1463
Offline

You are not giving much information there. I suggest you do a Wireshark trace to get a better idea as to what is going on.

Martin
pnwoha



Joined: 13/02/2015 15:09:33
Messages: 205
Offline

Martin my apologies. It turns out i did not enable encryption when using the service provider to connect. I also had to set the cert call back and return the certificate. Once I did all that it worked. Thanks for your help.
 
 
Go to: