Vaccination interface with Iowa

This topic has 5 replies, 3 voices, and was last updated 11 years, 3 months ago by David Barr.

Creator

Topic
April 8, 2014 at 3:54 pm #54145
Mike Campbell
Participant
Wondering if anyone is successfully sending VXU message to the IRIS [Iowa State vaccination system]. Interested in your connection setup.

getting:

ERROR – 35

Unknown SSL protocol error in connection to secure.iris.iowa.gov:443

And wondering what I’ve messed up in the config.

Thanks.

Mike Campbell

CL 6.0 – AIX
Creator

Topic

Viewing 4 reply threads

Author

Replies
- April 8, 2014 at 5:21 pm #80328
  Jim Kosloskey
  Participant
  Mike,
  
  It has been a while since I have done any SSL stuff but here goes…
  
  If you have not already done so try using the -verbose CURL option in your thread configuration – that will give a lot of information in the log. Not necessarily more clarity but more information and potentially more clarity.
  
  It has been a while but I think that Curl error generally means a certificate issue.
  
  Is Iowa requiring anything other than ServerAnon? If so did they give you a certificate to use? If they did then assure the certificate is still valid (they should be able to tell you that). If there is any question, there are certificate viewrs (free) available on the Web if I recall correctly which will let you see some of the particulars.
  
  If they gave you a certificate make sure you have the correct selection in the config for the thread.
  
  email: jim.kosloskey@jim-kosloskey.com 30+ years Cloverleaf, 60 years IT – old fart.
- April 8, 2014 at 6:18 pm #80329
  Mike Campbell
  Participant
  Get this error when manually connecting:
  
  hcitcl>curl -v https://secure.iris.iowa.gov/webservices_trn
  
  * About to connect() to secure.iris.iowa.gov port 443 (#0)
  
  * Trying 192.85.128.121…
  
  * connected
  
  * Connected to secure.iris.iowa.gov (192.85.128.121) port 443 (#0)
  
  * SSLv3, TLS handshake, Client hello (1):
  
  * Unknown SSL protocol error in connection to secure.iris.iowa.gov:443
  
  * Closing connection #0
  
  curl: (35) Unknown SSL protocol error in connection to secure.iris.iowa.gov:443
  
  Error: child process exited abnormally
  
  Config us set up to use https. Site is in the config. Client Mode with TSLv1 selected and the full path and file for the Certificate File. Unless that file needs to be in a specific directory.
- April 9, 2014 at 10:09 pm #80330
  David Barr
  Participant
  I wasn’t able to make an SSL connection to that address. It’s possible they have a firewall that’s checking incoming IP addresses against a list used by their clients and you need to be added to that list.
- April 10, 2014 at 10:38 am #80331
  Mike Campbell
  Participant
  David,
  
  Could you post a screen shot of your config?
  
  Or you can email me. mike.campbell@nmhs.org
  
  I’d like to see if my setup is similar to yours.
  
  Thanks.
- April 10, 2014 at 3:36 pm #80332
  David Barr
  Participant
  I didn’t set up a Cloverleaf thread; I was using other tools. Here’s an openssl trace:
  
  Code: ~$ openssl s_client -connect secure.iris.iowa.gov:443 CONNECTED(00000003) depth=2 /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority verify return:1 depth=1 /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287 verify return:1 depth=0 /OU=Domain Control Validated/CN=secure.iris.iowa.gov verify return:1 28802:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1053:SSL alert number 40 28802:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
  
  So I no longer think it’s a firewall issue for me. It’s probably because I don’t have a good certificate to give to them.
Author

Replies

Viewing 4 reply threads

The forum ‘Cloverleaf’ is closed to new topics and replies.