OnDemand User Group

Support Forums => Windows Client => Topic started by: kurtschwanz on June 07, 2019, 12:55:44 PM

Title: Getting SSL working on client side - what's the secret?
Post by: kurtschwanz on June 07, 2019, 12:55:44 PM

We're trying to enable SSL for CMOD.  We've gotten the server successfully running and I can see arssockd listening on the SSL port we specified.   Not having as much luck on the client side.   I  have tried every permutation of ports (secure, unsecure, 0) and checking the "Use Secure Sockets layer" option.   I've confirmed the client .kdb and .sth file are in the client's config subfolder.   Nothing works....so what am I missing?   

this is V10.1 client

Also, changed the Host Name in the client from "myserver" to FQDN "myserver.mydomain.com" and really thought that was going to be the magic bullet -- but still no dice. 

Anyone have any suggestions?

Title: Re: Getting SSL working on client side - what's the secret?
Post by: Ed_Arnold on June 07, 2019, 02:15:03 PM

Kurt - in this thread is what I had to do on the client side to get SSL working (and on the server side for z/OS).

http://www.odusergroup.org/forums/index.php?topic=1938.0 (http://www.odusergroup.org/forums/index.php?topic=1938.0)

Ed

Title: Re: Getting SSL working on client side - what's the secret?
Post by: kurtschwanz on June 10, 2019, 12:13:55 PM

Hey Ed - thanks.   Am I correct in thinking you imported your server's cert to the client's keydb? 

Title: Re: Getting SSL working on client side - what's the secret?
Post by: Ed_Arnold on June 11, 2019, 01:31:22 PM

Quote from: kurtschwanz on June 10, 2019, 12:13:55 PM

Hey Ed - thanks.   Am I correct in thinking you imported your server's cert to the client's keydb?

Yes.

Don't ask me too much about certificates.  What's in that procedure is about all I know.   ;D

Ed

Title: Re: Getting SSL working on client side - what's the secret?
Post by: kurtschwanz on June 12, 2019, 12:22:22 PM

No luck with that.   It would be really really nice if the client had some kind of log to help troubleshoot.

Title: Re: Getting SSL working on client side - what's the secret?
Post by: Greg Ira on June 13, 2019, 05:20:38 AM

You can run a trace from the server side and try to connect.  I was able to see from a server trace that the client certificate was bad.  It should give you some clue as to where the process is failing.  If you don't see any error/denial messages in the trace double check that you have all the parms set correctly.
This was a sample of what I saw in the server trace:

04/01/2016 12:02:25:282769 ERROR SYS15104.T182903.RA000.ARNSOCK.SRCCMS.H01(ARNSOCK)(4716)ArcSOCKET_ServerEstablish:socket_init ssl_rc=428 ssl_str=Key entry does not contain a private key

Title: Re: Getting SSL working on client side - what's the secret?
Post by: yousuf_gani on September 18, 2019, 06:05:38 AM

Hi Ira / All,
Rechecking this post as my problem is similar to the problem stated above

Could you please help what is the trace parameter In Server side to be setup, to have the Clinet Connection details.
AS my current Server side trace parm as follows
[TRACE]
COMPONENT_LEVEL=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
#TRACE_LEVELS=CMD=15,TSM=15
TRACE_LEVELS=ALL=15
TRACE_FILE=<filename>
TRACE_FORMAT=TEXT
APPEND=0

Doesn't interpret an Client Connection problem in my server trace file.

Our problem is
We use OD V9.5 server and Client.
OD Window Client is with SSL certificate and OD Server also with  SSL enbaled.
OD client connects properly via the normal non-SSL port, but using the SSL enabled in Client using SSL port the connection cant be established.
No error in the System Log /In the trace to check if the client Certificate is correct / wrong.

Please help

thanks & regards
Mohd Yousuf