SSL/TLS

If you are experiencing problems obtaining a successful SSL/TLS connection, you can set your Syslog Level to Notice and view the syslog for the following messages:

Line not SSL enabled. Abort connection when a user who is configured for Service SSL_RAW tries to log in on the serial port.

The user has been configured for an SSL_RAW connection, but the line has not been configured to enable SSL. To resolve this, either enable the line for SSL or change the user's Service to TCP_CLEAR if SSL is not wanted.

Could not obtain peer's certificate.

• The user has selected a cipher key exchange of ADH (anonymous Diffie-Hellman) and enabled Peer Verification. ADH does not use certificates, so none will be sent in an SSL/TLS handshake. Disable Peer Verification or change to a cipher suite that uses certificates.

• The user has selected Peer Verification on the configured SSL/TLS server and has not configured a certificate for the client. Either disable Peer Verification on the SSL/TLS server or configure a certificate for the SSL/TLS client.

SSL_accept failed on the SSL/TLS server device.

• The device has failed to accept an SSL/TLS connection on top of a TCP connection that has just been established. This could indicate that the peer from which TruePort is trying to accept a connection is not configured for SSL/TLS. Verify that the peer has been configured for an SSL/TLS client connection.

Certificate did not match configuration

• This message is displayed when Validate Peer Certificate has been enabled, but the configured Validation Criteria do not match the corresponding data in the certificate received from the peer. The configured data must match the data in the certificate exactly. The comparison is also case sensitive.
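The exact, case-sensitive comparison described above, as an added example (not code from the Perle manual or firmware): it checks configured criteria against a certificate subject in the shape Python's `ssl` `getpeercert()` returns and reports why each field fails. The criteria keys and sample values are assumptions constructed for illustration; the device's actual Validation Criteria fields are not listed on this page.

```python
# Added example; criteria keys and sample values are constructed assumptions.

def subject_fields(peercert):
    """Flatten the 'subject' of an ssl.SSLSocket.getpeercert() dict."""
    fields = {}
    for rdn in peercert.get("subject", ()):
        for name, value in rdn:
            fields.setdefault(name, []).append(value)
    return fields


def explain_mismatches(criteria, peercert):
    """Return (field, reason) pairs for every criterion that fails an exact,
    case-sensitive comparison against the certificate subject."""
    present = subject_fields(peercert)
    problems = []
    for field, wanted in criteria.items():
        values = present.get(field)
        if values is None:
            problems.append((field, "missing from certificate"))
        elif wanted in values:
            continue  # exact match, nothing to report
        elif any(wanted.casefold() == v.casefold() for v in values):
            problems.append((field, "differs only in letter case"))
        elif any(wanted.strip() == v.strip() for v in values):
            problems.append((field, "differs only in surrounding whitespace"))
        else:
            problems.append((field, "different value"))
    return problems


# Constructed sample in the shape getpeercert() returns.
SAMPLE_CERT = {
    "subject": (
        (("countryName", "CA"),),
        (("organizationName", "Example Widgets Inc"),),
        (("commonName", "ts1.example.com"),),
    )
}
SAMPLE_CRITERIA = {
    "countryName": "CA",
    "organizationName": "Example Widgets inc",   # wrong case on "inc"
    "commonName": "ts1.example.com ",            # trailing space
    "emailAddress": "admin@example.com",         # not in the certificate
}

if __name__ == "__main__":
    for field, reason in explain_mismatches(SAMPLE_CRITERIA, SAMPLE_CERT):
        print(f"{field}: {reason}")
```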

unknown protocol message when trying to make an SSL/TLS connection

• This will be displayed when both sides of the TCP connection are configured as SSL/TLS clients. Change one of the endpoints to act as an SSL/TLS server.

• One of the endpoints is not configured for SSL/TLS. Make sure both endpoints are configured for SSL/TLS, and verify that one is a client and the other is a server.

tlsv1 alert handshake failure or sslv3 alert handshake failure

• The remote site has encountered an SSL/TLS error and is reporting it with an alert message. Look at the error messages on the remote end and fix the problem indicated.

I/O Models

An I/O Digital or Relay controlled motor is starting/stopping

• Digital and Relay channels have automatically resetting fuses, meaning that if the circuit gets overloaded and the fuse blows, it will automatically reset when the circuit cools down.

An A4R2 model is starting/stopping

• The A4R2 model can run at 55 degrees Celsius ambient temperature when the input voltage is 22VDC or below. If the input voltage exceeds 22VDC, the maximum ambient temperature at which it will run successfully drops into the range of 45-50 degrees Celsius.

Perle Systems SCS, STS manual