TCP connection using SSL configuration

Clovertech Forums Cloverleaf TCP connection using SSL configuration

  • #119819
    Walter Beatty
    Participant

      I am somewhat new to Cloverleaf and all of our organization's existing interfaces with outside vendors are configured using a VPN. We are trying to configure an interface using SSL. I was provided the certs (.pfx files) from the vendor and no private key was needed. I have imported these certs into the trusted root cert authority on the Cloverleaf server. I have the host IP and port configured and my SSL config:
      Mode = Client

      SSL Protocol=All

      no SSL Cipher Suites

      So my confusion is what needs to go in

      certificate file:

      Private Key:

      Password:

      Currently in the certificate file I have the full path to the .pfx file – E:/cloverleaf/cis19.1/integrator/client/certs/orders.pfx

      nothing in the Private Key as the vendor stated there was no private key and the password I have the password provided from the vendor.

      When I start the thread I see a secure socket handshake error and we log the following error:

      [ssl :open:ERR /0:to_retinavue_orm:06/21/2022 08:40:18] Unable to load Server's Certificate from file: 'E:/cloverleaf/cis19.1/integrator/client/certs/orders.pfx' iRes = 0
      [ssl :open:ERR /0:to_retinavue_orm:--/--/---- --:--:--] Socket will be closed...
      [pdl :PDL :ERR /0:to_retinavue_orm:06/21/2022 08:40:18] Unable to setup SSL socket


      Any advice would be greatly appreciated.

      • #119820
        David Barr
        Participant

          If you’re trying to authenticate the server, I think you need to use ClientAuth mode, put the server certificate in a file, and fill in the CA path and CA file with the path and filename for this file. I think you need to use Portecle to convert the pfx file to pem format.

          I wasn’t able to get this mode working because this also sends a client certificate to the server, and this was confusing the server I was trying to connect to. I ended up switching to ClientAnon mode and not entering any certificate details in the thread. It would be nice if there was another mode for client threads that would authenticate the server but not try to send a client cert.

        • #119840
          Mike Grieger
          Participant

            Walter – I’m wondering if you need to convert the Cert format so Cloverleaf can recognize it?  Is the .pfx in binary (not PEM/ASCII format)?  Thought it needed to be PEM format.

          • #119841
            Walter Beatty
            Participant

              Thanks Mike – I did have to convert to PEM format but was trying to do so from Windows cert manager and since I did not have a private key from the vendor cert I was not able to generate a key in PEM format from Windows.  I had to use Portecle to do that.  I was able to get it to work after doing that.
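
The conversion the replies describe, as an added shell example that is not part of the thread: it uses the openssl CLI in place of the Portecle GUI, pulls only the certificates out of a certificate-only .pfx into a PEM bundle suitable for a CA file, and checks that the bundle really validates the server certificate. The file names, the "demo" import password and the self-signed demo certificate are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread: convert a vendor-supplied .pfx that
# holds only certificates (no private key) into a PEM bundle usable as the
# CA file for authenticating the server, then sanity-check the result.
# Uses the openssl CLI in place of the Portecle GUI named in the thread.
# Paths, the "demo" password and the demo certificate are constructed here.
set -eu

# Report whether a file is PEM text (what the thread says Cloverleaf wants)
# or a binary blob such as DER or PKCS#12 (.pfx).
cert_format() {
    if grep -q -- '-----BEGIN' "$1" 2>/dev/null; then echo PEM; else echo BINARY; fi
}

# Extract only the certificates from a PKCS#12 file into PEM.
#   $1 = .pfx path, $2 = import password from the vendor, $3 = output .pem
# -nokeys skips any private key, matching the "no private key" case above.
pfx_to_pem() {
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" -out "$3"
}

# Number of certificates in a PEM bundle (a .pfx may carry a whole chain).
pem_cert_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Confirm the bundle actually validates a given server certificate, the
# same trust decision the SSL client makes at handshake time.
verify_against_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# --- Constructed demo input: a self-signed cert packed into a .pfx ---
WORK=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=vendor-demo" \
    -keyout "$WORK/demo.key" -out "$WORK/demo.crt" 2>/dev/null
openssl pkcs12 -export -nokeys -in "$WORK/demo.crt" \
    -passout pass:demo -out "$WORK/orders.pfx"

echo "orders.pfx is $(cert_format "$WORK/orders.pfx")"     # BINARY
pfx_to_pem "$WORK/orders.pfx" demo "$WORK/orders.pem"
echo "orders.pem is $(cert_format "$WORK/orders.pem")"     # PEM
echo "certificates in bundle: $(pem_cert_count "$WORK/orders.pem")"   # 1
verify_against_ca "$WORK/orders.pem" "$WORK/demo.crt" && echo "verify: OK"
```

Against a live vendor endpoint the equivalent end-to-end check is `openssl s_client -connect host:port -CAfile orders.pem`, which reports the verify result for the chain the server actually presents.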
