
Enabled ADS server encryption - but fail to connect from ETA


Got the following error. ADS is using a self-signed cert. How can ETA bypass the checking? Thanks

I am able to connect by using EMA JAVA with keystore file/password


Creating RSSL connection Host: localhost Port: 14002

rsslInitChannel() returned -1, Error </local/jenkins/workspace/TREP34XCore_Release/OS/OL7-64/esdk/source/esdk/Cpp-C/Eta/Impl/Transport/ripcsslutils.c:1033> Error: 2002 Certificate validation error. OpenSSL Return code: self signed certificate



Hi All,

Just resolved the issue I had on the EMA CPP C112 Windows version.

Firstly, you have to install the cert into the Windows OS (certmgr/certlm).

Secondly, you need to make sure that the lib/dll and the cert path are provided:

D:\Users\kit\Documents\EMA>Cons112.exe -I EUR= -S ELEKTRON_DD -U radmin -C Consumer_3 -sslCAStore .\\kit1.cert.v2.crt -libsslName .\\libssl-1_1-x64.dll -libcryptoName .\\libcrypto-1_1-x64.dll


Issue resolved finally.


Thanks for posting the solution!


Hi @Chun Kit Wan

Looking at the information you have provided - it looks like you are trying to connect to an ADS server running locally i.e. localhost:14002 ?

Also, I am not an expert on ADS configuration so not entirely sure what you mean by ADS Server encryption. However, I did find the following mentioned in the ADS 3.4.1 WhatsNew pdf file under 3.4.1 bug fixes:

Certificate checks when enabling encryption in 3.4.0 not allowing connection.

• TREP-2751

• Case 08372622

When enabling encryption on the route, the connection is failing in 3.4.0 reporting a certificate error indicating no subject name match in the host certificate's alternate name list. Reason for the failure is that the ADH always uses the IP address on the connection instead of the hostname. Previous workaround which is no longer needed is to include the host IP address in the alternate name list when generating

Therefore, if your issue is related to encryption on the route - then I recommend you check out ADS version 3.4.1 and upgrade if appropriate. If you continue to have issues, I suspect your best route would be to raise a ticket with the ADS help desk OR ask on the internal Realtime Delivery channel, Technical Interest group.

I would also recommend you refer to the ETA Quickstart here on our Developer Portal to ensure you are correctly set up and configured from an ETA point of view.



Hi Umer,

Thanks for replying. Actually, I fixed the issue finally.

EMA JAVA - training sample code Con112 - working as expected without any issues on both Windows and Linux platforms

EMA CPP - Linux - training sample code Con112 - if we would like to fix the encrypted connection, we have to add this into Con112

  1. Need to add a parameter config.sslCAStore to specify the cert from the ADS server
  2. Need to make sure that "Host" in EmaConfig.xml is set to the same FQDN as the hostname stored in the cert


However, I still cannot solve the EMA CPP Windows version. The Windows version of EMA CPP Con112 has the same settings as Linux; Linux Con112 is working but not Windows Con112. Will continue to look into it.
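The two conditions the replies in this thread arrive at (the client is given the server's certificate as its CA store, and the configured Host matches a name in that certificate) can be checked with the openssl CLI before touching the API. This is an added example, not part of the thread or the SDK; the FQDN and the throwaway certificate are constructed, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example. The certificate is a constructed throwaway, not a real ADS cert.
# Assumes the openssl CLI, version 1.1.1 or later (for -addext).
FQDN="ads01.example.test"      # hypothetical FQDN standing in for the ADS host
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
CERT="$WORK/ads.crt"

make_cert() {
    # Self-signed server certificate carrying the FQDN in CN and subjectAltName.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$FQDN" -addext "subjectAltName=DNS:$FQDN" \
        -keyout "$WORK/ads.key" -out "$CERT" 2>/dev/null
}

# Chain check. $1 = certificate, $2 = optional CA file, which is the role
# the -sslCAStore / config.sslCAStore setting plays for the client.
chain_ok() {
    if [ -n "$2" ]; then
        openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
    else
        openssl verify "$1" >/dev/null 2>&1
    fi
}

# Name check. $1 = certificate, $2 = host name the client is configured with.
name_ok() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q "does match"
}

check() {   # print PASS/FAIL for a labelled check without aborting the script
    label=$1; shift
    if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; fi
}

make_cert
check "chain, no CA store given"         chain_ok "$CERT"
check "chain, cert given as CA store"    chain_ok "$CERT" "$CERT"
check "name, Host=$FQDN"                 name_ok "$CERT" "$FQDN"
check "name, Host=localhost"             name_ok "$CERT" localhost
```

The first and last checks are expected to fail: the first is the "self signed certificate" validation error from the question, and the last is a Host value that is not present in the certificate.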
