I'm polling an HTTP connection and I keep getting the error: 12175 [ERROR_WINHTTP_SECURE_FAILURE]. I looked at the question: https://community.dataminer.services/question/http-get-308-permanent-redirect-issue/?hilite=Redirect .I think it might be the weak signature. Is it possible to fix this issue inside the DataMiner without the need to configure the protocol? Could you advise me on the next step?
Thank you very much!
EDIT: Added the content of the 2 change cypher and FIN packet:
Server to machine:
Machine to server:
FIN packet:
I have updated the question with the images corresponding to the contents of the cypher changes and FIN packets
Could you download the certificate from the server to the client and run the following command? It will most likely indicate why the client doesn’t trust the server certificate:
certutil -verify -urlfetch [SERVER_CERTIFICATE_FILENAME].crt
Apparently I can’t find any certificate.
Can you navigating to https://10.102.250.91 in the browser on the DataMiner agent? Does that give a certificate error? You can usually download the certificate from the browser URL, for example for Chrome: https://medium.com/@menakajain/export-download-ssl-certificate-from-server-site-url-bcfc41ea46a2
As discussed offline, most likely the certificate of the device is rejected by DataMiner because:
- the Common Name (CN) does not match the hostname
- the Subject Alternative Name (SAN) does not contain the IP address of the device
Requesting a new certificate, with these fields correctly filled in, should fix the connection problems.
Could you share the content of the two “Change Cipher Spec” packets and the first [FIN] packet? They may contain more information. So far it does indeed indicate there’s a mismatch between the cipher suites the client & server support.