SSL

  • 04 Jun

    SSL Error Codes

    https://www.secureblackbox.com/kb/help/ref_err_sslerrorcodes.html

    Copyright www.secureblackbox.com

    Error code   Value   Possible reason and steps to take
    ERROR_SSL_CONNECTION_CANCELLED_BY_USER 73729 (0x12001)
    ERROR_SSL_TIMEOUT 73730 (0x12002)
    ERROR_SSL_UNSUPPORTED_MAC_ALGORITHM 73731 (0x12003)
    ERROR_SSL_UNEXPECTED_MESSAGE 75777 (0x12801)
    1. Connection is made to/from a service that doesn’t talk proper SSL (e.g. a plain HTTP connection is made to an HTTPS port). Re-check that both client and server services are talking SSL.
    2. Unsupported version of the protocol. Try different settings of the Versions property of the SSL component and check whether any combination helps.
    ERROR_SSL_BAD_RECORD_MAC 75778 (0x12802) The peers failed to negotiate shared key material. Try connecting with different cipher suites one by one and check if any of them helps. If none does, try to use a different protocol version.
    ERROR_SSL_DECRYPTION_FAILED 75779 (0x12803)
    ERROR_SSL_DECODE_ERROR 75792 (0x12810)
    ERROR_SSL_DECRYPT_ERROR 75793 (0x12811)
    ERROR_SSL_RECORD_OVERFLOW 75780 (0x12804) Packet size too large. Try to decrease the maximal size of the packet by adjusting the MaxFragmentLength extension.
    ERROR_SSL_DECOMPRESSION_FAILURE 75781 (0x12805) Compression or decompression failure. Switch off compression (CompressionAlgorithms property).
    ERROR_SSL_HANDSHAKE_FAILURE 75782 (0x12806) Incompatible versions or cipher suite lists. Try different version and cipher suite sets. Check that the server certificate is provided and has an associated private key.
    ERROR_SSL_ILLEGAL_PARAMETER 75789 (0x1280D)
    ERROR_SSL_NO_CERTIFICATE 75783 (0x12807) The certificate provided by the peer is not valid.
    ERROR_SSL_BAD_CERTIFICATE 75784 (0x12808)
    ERROR_SSL_UNSUPPORTED_CERTIFICATE 75785 (0x12809)
    ERROR_SSL_CERTIFICATE_REVOKED 75786 (0x1280A)
    ERROR_SSL_CERTIFICATE_EXPIRED 75787 (0x1280B)
    ERROR_SSL_CERTIFICATE_UNKNOWN 75788 (0x1280C)
    ERROR_SSL_UNKNOWN_CA 75790 (0x1280E)
    ERROR_SSL_ACCESS_DENIED 75791 (0x1280F) The requested application-layer resource cannot be accessed by the requestor. Check with the administrator of the remote resource.
    ERROR_SSL_EXPORT_RESTRICTION 75794 (0x12812) The peer is only configured to use exportable cipher suites. Switch on support for “EXPORT” cipher suites.
    ERROR_SSL_PROTOCOL_VERSION 75795 (0x12813) The peers have not been able to negotiate a version to use (no shared protocol versions).
    ERROR_SSL_INSUFFICIENT_SECURITY 75796 (0x12814) The cipher suites mutually supported by the peers are too weak and do not provide an adequate level of security.
    ERROR_SSL_INTERNAL_ERROR 75797 (0x12815) Contact the vendor.
    ERROR_SSL_USER_CANCELED 75798 (0x12816) Application layer has shut down the connection.
    ERROR_SSL_NO_RENEGOTIATION 75799 (0x12817) One of the peers requested a renegotiation, which was refused by the other. Note that you will get this error (as a warning) if you return Allow = false from the OnRenegotiationStart event handler.
    ERROR_SSL_CLOSE_NOTIFY 75800 (0x12818) Does not indicate an error condition. The SSL connection was closed gracefully and can be restored or cloned in the future.
    ERROR_SSL_UNKNOWN_PROTOCOL_ERROR 75801 (0x12819)
    By Limagito | Error
  • 27 May

    Web Remote Client SSL option

    Dear Users,

    We’ve added SSL (HTTPS) to our Web Remote Server.  To enable SSL you need to provide 3 certificate files:

    • (Public) Certificate File: This file contains the certificate public key part.
      So everything between and including these two statements:
      -----BEGIN CERTIFICATE-----
      -----END CERTIFICATE-----
    • (Private) Key File: This file contains the private key part.
      So everything between and including these two statements:
      -----BEGIN PRIVATE KEY-----
      -----END PRIVATE KEY-----
    • (Public) Root Certificate File: The final file that SSL requires is the Certificate Authority certificate file.
      You can obtain this from Internet Explorer, in the Trusted Root Certificate Authority dialog.
      Select the Authority that issued your certificate and export it in Base64 (cer) format.
      This format is the same as PEM format, so after export simply rename the file to root.pem

    The certificates we need are .pem files. The PEM extension is used for Base-64 encoded X.509 certificates. They contain ASCII-armored data between “-----BEGIN …” and “-----END …” lines. Sometimes the certificates come in a single pem file. In this case, you need to open it with a text editor and save the individual certificates in separate pem files.

    Certificates can be obtained from a trusted certificate authority. You can also generate your own, but the browser will not trust it and will display a warning.

    If you have a certificate in .pfx format, you’ll have to convert it first. In this case we need a utility called openssl.exe. First, download and install the OpenSSL Windows binaries from here (at your own risk). The lite version of the binaries is sufficient.

    • Start a command prompt with administrative privileges
    • At command prompt issue the following command:
      • openssl.exe pkcs12 -in <your file>.pfx -out <your file>.pem

    Openssl.exe will ask you for the password of the pfx file. Leave it blank if you did not specify one. It will also ask you for a new password for the .pem file (= optional). The certificates are converted to a single pem file. You need to open the converted pem file with a text editor and save the individual certificates in separate pem files.
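The manual split described above (open the converted pem file and save each part separately) can be scripted. This is an added example, not code from Limagito or OpenSSL; it assumes the file still carries the subject=/issuer= lines that openssl pkcs12 writes before each certificate, and the names split_pem and write_files and the sample contents are constructed for illustration.

```python
import base64
import os
import re

PEM = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s+-----END \1-----", re.S)

def split_pem(text):
    """Return [(role, pem_block)]; raises ValueError on truncated or mangled blocks."""
    blocks = []
    for m in PEM.finditer(text):
        label, body = m.groups()
        base64.b64decode("".join(l.strip() for l in body.splitlines() if ":" not in l), validate=True)
        # Text since the previous block holds the subject=/issuer= lines for this one.
        attrs = dict(re.findall(r"^(subject|issuer)\s*=\s*(.+?)\s*$", text[:m.start()].rpartition("-----END ")[2], re.M))
        if label.endswith("PRIVATE KEY"):
            role = "key"
        elif label == "CERTIFICATE" and len(attrs) == 2:
            role = "root" if attrs["subject"] == attrs["issuer"] else "cert"  # self-signed = root
        else:
            role = "unknown"
        blocks.append((role, m.group(0) + "\n"))
    if text.count("-----BEGIN ") != len(blocks):
        raise ValueError("unterminated or malformed PEM block")
    return blocks

def write_files(blocks, outdir):
    """One file per block; key files are owner-only and existing files are never reused (O_EXCL)."""
    for i, (role, pem) in enumerate(blocks):
        path = os.path.join(outdir, f"{i}-{role}.pem")
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600 if role == "key" else 0o644)
        with os.fdopen(fd, "w") as f:
            f.write(pem)

# Constructed sample in the layout openssl pkcs12 writes (placeholder bodies, no real key).
SAMPLE = """Bag Attributes
subject=CN = files.example.test
issuer=CN = Example Test Root CA
-----BEGIN CERTIFICATE-----
CONSTRUCTEDLEAFCERT0
-----END CERTIFICATE-----
subject=CN = Example Test Root CA
issuer=CN = Example Test Root CA
-----BEGIN CERTIFICATE-----
CONSTRUCTEDROOTCERT0
-----END CERTIFICATE-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
CONSTRUCTEDKEYBYTES0
-----END ENCRYPTED PRIVATE KEY-----
"""
```

An intermediate CA certificate is also labelled cert, since only a self-signed certificate has matching subject and issuer.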

    Also online certificate conversions are available:

    Web Remote Setup is available in our LimagitoX Config Tool.

    Regards,

    Limagito Team