TCP connection using SSL configuration


  • #119819
    Walter Beatty
    Participant

    I am somewhat new to Cloverleaf, and all of our organization's existing interfaces with outside vendors are configured using a VPN. We are trying to configure an interface using SSL. I was provided the certs (.pfx files) from the vendor, with no private key needed. I have imported these certs into the trusted root cert authority on the Cloverleaf server. I have the host IP and port configured, and my SSL config is:
    Mode = Client

    SSL Protocol=All

    no SSL Cipher Suites

    So my confusion is what needs to go in

    certificate file:

    Private Key:

    Password:

    Currently in the certificate file I have the full path to the .pfx file – E:/cloverleaf/cis19.1/integrator/client/certs/orders.pfx

    There is nothing in the Private Key field, as the vendor stated there was no private key, and in the Password field I have the password provided by the vendor.

    When I start the thread I see a secure socket handshake error and we log the following error:

    [ssl :open:ERR /0:to_retinavue_orm:06/21/2022 08:40:18] Unable to load Server's Certificate from file: 'E:/cloverleaf/cis19.1/integrator/client/certs/orders.pfx' iRes = 0
    [ssl :open:ERR /0:to_retinavue_orm:--/--/---- --:--:--] Socket will be closed...
    [pdl :PDL :ERR /0:to_retinavue_orm:06/21/2022 08:40:18] Unable to setup SSL socket

    Any advice would be greatly appreciated.

    • #119820
      David Barr
      Participant

      If you’re trying to authenticate the server, I think you need to use ClientAuth mode, put the server certificate in a file, and fill in the CA path and CA file with the path and filename for this file. I think you need to use Portecle to convert the pfx file to pem format.

      I wasn’t able to get this mode working because this also sends a client certificate to the server, and this was confusing the server I was trying to connect to. I ended up switching to ClientAnon mode and not entering any certificate details in the thread. It would be nice if there was another mode for client threads that would authenticate the server but not try to send a client cert.

    • #119840
      Mike Grieger
      Participant

      Walter – I’m wondering if you need to convert the Cert format so Cloverleaf can recognize it?  Is the .pfx in binary (not PEM/ASCII format)?  Thought it needed to be PEM format.

    • #119841
      Walter Beatty
      Participant

      Thanks Mike – I did have to convert to PEM format but was trying to do so from Windows cert manager and since I did not have a private key from the vendor cert I was not able to generate a key in PEM format from Windows.  I had to use Portecle to do that.  I was able to get it to work after doing that.
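
The thread's resolution was that the binary .pfx had to be converted to PEM before the certificate would load. As an added example (not part of the original posts and not Cloverleaf code), this Python check classifies a certificate file's bytes as PEM, PKCS#12 or other DER so the format mismatch is caught before the thread is started; the function names and the sample bytes are constructed for illustration.

```python
import base64
import re

# Matches PEM armor blocks and captures the label, e.g. CERTIFICATE.
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos=0):
    """Return (tag, value_start, value_end) of the ASN.1 element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def classify(data):
    """Classify file bytes as 'pem:<labels>', 'pkcs12', 'der' or 'unknown'."""
    labels = sorted({m[0].decode() for m in PEM_RE.findall(data)})
    if labels:
        return "pem:" + ",".join(labels)
    try:
        tag, start, _ = read_tlv(data)
        inner_tag, istart, iend = read_tlv(data, start)
    except IndexError:                     # too short to be an ASN.1 structure
        return "unknown"
    if tag != 0x30:                        # both binary formats start with a SEQUENCE
        return "unknown"
    if inner_tag == 0x02 and data[istart:iend] == b"\x03":
        return "pkcs12"                    # PFX ::= SEQUENCE { version INTEGER (3), ... }
    if inner_tag == 0x30:
        return "der"                       # e.g. X.509: SEQUENCE { tbsCertificate SEQUENCE, ... }
    return "unknown"

def pem_cert_ready(data):
    """True only if the bytes contain at least one PEM CERTIFICATE block."""
    kind = classify(data)
    return kind.startswith("pem:") and "CERTIFICATE" in kind[4:].split(",")

# Constructed samples (not real certificates): only the leading bytes matter here.
PFX_HEAD = bytes.fromhex("3082010002010330")
DER_HEAD = bytes.fromhex("30820100308180")
PEM_SAMPLE = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(DER_HEAD)
              + b"\n-----END CERTIFICATE-----\n")
KEY_ONLY = b"-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    for name, blob in [("pfx", PFX_HEAD), ("der", DER_HEAD),
                       ("pem", PEM_SAMPLE), ("key", KEY_ONLY)]:
        print(name, classify(blob), pem_cert_ready(blob))
```

To check a real file, pass `open(path, "rb").read()` to `classify`; a result of `pkcs12` means the file is still in the binary .pfx form that produced the load error in the original post.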
