Hello everyone,
I'm currently trying to get an HTTPS connection working over smart-serial, to receive some asynchronous event information over HTTPS (protocol is Mediaproxy Player, ip:port configured for https smart-serial is any:5000). Type is configured as
<Type relativeTimers="true" options="" advanced="smart-serial:Events Connection">http</Type>
And I have a response set up for connection:1 and the QAction triggered on the response parameter.
Problem is, when I edit the element and try to activate SSL/TLS, I start getting a lot of these messages in stream viewer:
Couldn't locate the SSL context for <IP>. Check SLPort.txt for more info
Failed to create the client object
Socket for <IP>:56444 closed
On SLPort, there is a stream of messages mentioning a failure in setting certificates to none, but none of those messages were for my IP:port combination:
2020/08/04 10:50:53.398|SLPort.exe 10.0.2018.700|9144|28372|SLHTTPRequest::SetClientCertificateToNone|ERR|0|Failed to set client certificate to none for request to <IP>//. Error: (hr = 0x80072EF3)
Another thing is, once I remove the SSL option, I can effectively see data flowing in Wireshark (although I can't make sense of it, since SSL is not working).
So this tells me that there is effectively a communication attempt from the device to DataMiner.
Are there any issues or limitations on using HTTPS / SSL/TLS over smart-serial? Maybe I'm missing something on configuration/setup? Maybe there's a better solution when using HTTPS to receive async messages?
EDIT: DMA version is 10.0.7.0-9247. I'm aware that a fix is in the works for the false SetClientCertificateToNone, but in this case, I'm actually trying to use secure connections.
EDIT 2: so, I've generated a self-signed certificate with openssl, converted it to pfx, and followed the instructions to configure it (I've actually used an automation script provided by Gelber, to configure the certificate on the DMA).
openssl req -x509 -newkey rsa:4096 -sha256 -keyout server.key -out server.crt -subj "/CN=skyline.communications" -days 600
openssl pkcs12 -export -name "skyline.communications" -out server.pfx -inkey server.key -in server.crt
However, now I'm getting a different error:
Unexpected error on <IP> during SECURE_SOCKET_CLIENT::SECURE_SOCKET_CLIENT: An invalid argument was supplied.
Connect failed for <IP>:<Port>
Failed to create the client object
Socket for <IP>:<Port> closed
This could perhaps be caused by a missing server certificate on the DataMiner server. Did you put one in place and configure it accordingly if it's a password protected certificate?
More information on this can be found in the section on enabling TLS encryption in the DataMiner help.
Thanks, I’ve tried following that, with a slight change (Gelber provided an automation script to configure the certificate). But I’m still not quite there.
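A sanity check for a PFX built with the two openssl commands from the question, to run before the file is configured on the server (added example, not part of the original thread and not DataMiner tooling): it confirms that the file opens with the given password, that it holds a certificate and a private key that belong together, and that the certificate has not expired. The PFX_PASS variable, the function names, the return codes and the throwaway example.invalid sample are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity-check a PFX before configuring it on a server.
# The password is read from the PFX_PASS environment variable (name chosen
# for this example) so it never appears on the command line.

# Constructed sample input: a throwaway self-signed certificate and PFX built
# the same way as in the question (2048-bit key and example.invalid CN are
# this example's choices, to keep the run fast and the name non-real).
make_sample_pfx() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -keyout "$dir/server.key" \
        -out "$dir/server.crt" -subj "/CN=example.invalid" -days 600 2>/dev/null &&
    openssl pkcs12 -export -name "example.invalid" -out "$dir/server.pfx" \
        -inkey "$dir/server.key" -in "$dir/server.crt" -passout env:PFX_PASS
}

# Return codes: 0 ok, 1 cannot open (wrong password or not PKCS#12),
# 2 certificate or private key missing, 3 key does not match certificate,
# 4 certificate expired.
check_pfx() {
    pfx=$1
    cert_pem=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null) || return 1
    cert_pub=$(printf '%s\n' "$cert_pem" | openssl x509 -noout -pubkey 2>/dev/null)
    [ -n "$cert_pub" ] || return 2
    # -nodes sends the decrypted key into the pipe only; nothing is written to disk.
    key_pub=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null |
              openssl pkey -pubout 2>/dev/null)
    [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ] || return 3
    printf '%s\n' "$cert_pem" | openssl x509 -noout -checkend 0 >/dev/null 2>&1 || return 4
    printf '%s\n' "$cert_pem" | openssl x509 -noout -subject -enddate
}

# Stand-alone use: PFX_PASS='...' sh check_pfx.sh server.pfx
if [ "$#" -eq 1 ]; then
    check_pfx "$1"; rc=$?
    [ "$rc" -eq 0 ] && echo "PFX looks usable" || echo "PFX check failed (code $rc)"
    exit "$rc"
fi
```

A non-zero code points at the file itself (password, missing key, mismatched pair, expiry) rather than at the server-side configuration.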