SSL

  • 04 Jun

    SSL Error Codes

    https://www.secureblackbox.com/kb/help/ref_err_sslerrorcodes.html

    Copyright www.secureblackbox.comValuePossible reason and steps to take
    ERROR_SSL_CONNECTION_CANCELLED_BY_USER73729 (0x12001)
    ERROR_SSL_TIMEOUT73730 (0x12002)
    ERROR_SSL_UNSUPPORTED_MAC_ALGORITHM73731 (0x12003)
    ERROR_SSL_UNEXPECTED_MESSAGE75777 (0x12801)
    1. Connection is made to/from a service that doesn’t talk proper SSL (e.g. a plain HTTP connection is made to an HTTPS port). Re-check that both client and server services are talking SSL.
    2. Unsupported version of the protocol. Try to play with Versions property of the SSL component and check if any of the combination helps.
    ERROR_SSL_BAD_RECORD_MAC75778 (0x12802)The peers failed to negotiate a shared key material. Try connecting with different cipher suites one-by-one and check if any of them helps. If neither does, try to use a different protocol version.
    ERROR_SSL_DECRYPTION_FAILED75779 (0x12803)
    ERROR_SSL_DECODE_ERROR75792 (0x12810)
    ERROR_SSL_DECRYPT_ERROR75793 (0x12811)
    ERROR_SSL_RECORD_OVERFLOW75780 (0x12804)Packet size too large. Try to decrease the maximal size of the packet by adjusting the MaxFragmentLength extension.
    ERROR_SSL_DECOMPRESSION_FAILURE75781 (0x12805)Compression or decompression failure. Switch off compression (CompressionAlgorithms property).
    ERROR_SSL_HANDSHAKE_FAILURE75782 (0x12806)Incompatible versions or cipher suite lists. Try to play with version and cipher suite sets. Check that the server certificate is provided and has an associated private key.
    ERROR_SSL_ILLEGAL_PARAMETER75789 (0x1280D)
    ERROR_SSL_NO_CERTIFICATE75783 (0x12807)The certificate provided by the peer is not valid.
    ERROR_SSL_BAD_CERTIFICATE75784 (0x12808)
    ERROR_SSL_UNSUPPORTED_CERTIFICATE75785 (0x12809)
    ERROR_SSL_CERTIFICATE_REVOKED75786 (0x1280A)
    ERROR_SSL_CERTIFICATE_EXPIRED75787 (0x1280B)
    ERROR_SSL_CERTIFICATE_UNKNOWN75788 (0x1280C)
    ERROR_SSL_UNKNOWN_CA75790 (0x1280E)
    ERROR_SSL_ACCESS_DENIED75791 (0x1280F)The requested application-layer resource cannot be accessed by the requestor. Check with the administrator of the remote resource.
    ERROR_SSL_EXPORT_RESTRICTION75794 (0x12812)The peer is only configured to use exportable cipher suites. Switch on support for “EXPORT” cipher suites.
    ERROR_SSL_PROTOCOL_VERSION75795 (0x12813)The peers have not been able to negotiate a version to use (no shared protocol versions).
    ERROR_SSL_INSUFFICIENT_SECURITY75796 (0x12814)The cipher suites mutually supported by the peers are too weak and do not provide an adequate level of security.
    ERROR_SSL_INTERNAL_ERROR75797 (0x12815)Contact the vendor.
    ERROR_SSL_USER_CANCELED75798 (0x12816)Application layer has shut down the connection.
    ERROR_SSL_NO_RENEGOTIATION75799 (0x12817)One of the peers requested a renegotiation, which was refused by the other. Note that you will get this error (as a warning) if you return Allow = false from the OnRenegotiationStart event handler.
    ERROR_SSL_CLOSE_NOTIFY75800 (0x12818)Does not indicate an error condition. The SSL connection was closed gracefully and can be restored or cloned in future.
    ERROR_SSL_UNKNOWN_PROTOCOL_ERROR75801 (0x12819)
    By Limagito Error , ,
  • 27 May

    Web Remote Client SSL option

    Dear Users,

    We’ve added SSL (HTTPS) to our Web Remote Server.  To enable SSL you need to provide 3 certificate files:

    • (Public) Certificate File: This file contains the certificate public key part.
      So everything between and including these two statements:
      —–BEGIN CERTIFICATE—–
      —–END CERTIFICATE—–
    • (Private) Key File: This file contains the private key part.
      So everything between and including these two statements:
      —–BEGIN PRIVATE KEY—–
      —–END PRIVATE KEY—–
    • (Public) Root Certificate File: The final file that SSL requires is the Certificate Authority certificate file.
      You can obtain this from the Internet Explorer in Trusted Root Certificate Authority dialog.
      Select the Authority that issued your certificate and export it in Base64 (cer) format.
      This format is also the same as PEM format so after export simply rename the file to root.pem

    The type of certificates we need are .pem files.  The PEM extension is used for Base-64 encoded X.509 certificates. They contain ASCII armored data between “—– BEGIN …”  and “—–END …” lines. Sometimes the certificates come in a single pem file. In this case, you need to open it with a text editor and save the individual certificates in separate pem files.

    Certificates can be obtained from a trusted certificate authority. You can also generate your own but the browser will not trust this and will display a warning.

    If you have a certificate in .pfx format, you’ll have to convert it first. In this case we need a utility called openssl.exe.  First, download and install the OpenSSL Windows binaries from here (at you own risk). The lite version of the binaries is sufficient.

    • Start a command prompt with administrative privileges
    • At command prompt issue the following command:
      • openssl.exe pkcs12 –in <your file>.pfx –out <your file>.pem

    Openssl.exe will ask you for the password of the pfx file. Leave it blank if you did not specify one. It will also ask you for a new password for the .pem file (= optional). The certificates are converted to single pem file. You need to open the converted pem file with a text editor and save the individual certificates in separate pem files.

    Also online certificate conversions are available:

    Web Remote Setup is available in our LimagitoX Config Tool.

    Regards,

    Limagito Team