Troubleshooting
SSL/TLS
If you are experiencing problems obtaining a successful SSL/TLS connection, you can set your Syslog Level to Notice and view the syslog for the following messages:
"Line not SSL enabled. Abort connection" when a user who is configured for Service SSL_RAW tries to log in on the serial port.
• The user has been configured for an SSL_RAW connection, but the line has not been configured to enable SSL. To resolve this, either enable the line for SSL or change the user's Service to TCP_CLEAR if SSL is not wanted.
"Could not obtain peer's certificate."
• User has selected a cipher key exchange of ADH (anonymous Diffie-Hellman) and enabled Peer Verification. ADH does not use certificates, so they will not be sent in an SSL/TLS handshake. Disable Peer Verification or change to a cipher suite that uses certificates.
• User has selected Peer Verification on the configured SSL/TLS server and has not configured a certificate for the client. Either disable Peer Verification on the SSL/TLS server or configure a certificate for the SSL/TLS client.
"SSL_accept failed" on the SSL/TLS server device.
• The device has failed to accept an SSL/TLS connection on top of a TCP connection that has just been established. This could indicate that the peer from which TruePort is trying to accept a connection is not configured for SSL/TLS. Verify that the peer has been configured for an SSL/TLS client connection.
"Certificate did not match configuration"
• This message is displayed when Validate Peer Certificate has been enabled, but the configured Validation Criteria does not match the corresponding data in the certificate received from the peer. The configured data must match the data in the certificate exactly, and the comparison is case sensitive.
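
To narrow down a "Certificate did not match configuration" failure, the following added example (not from the original manual or the device firmware) compares configured criteria with a peer certificate's subject and reports why each field fails an exact, case-sensitive match. The field names follow the subject naming of Python's ssl.getpeercert() and are an assumption, since the device's own Validation Criteria labels may differ; the sample certificate and criteria are constructed.

```python
def flatten_subject(peercert):
    """Turn getpeercert()'s nested subject tuples into {field: [values]}."""
    fields = {}
    for rdn in peercert.get("subject", ()):
        for name, value in rdn:
            fields.setdefault(name, []).append(value)
    return fields


def diagnose(criteria, peercert):
    """Return {field: reason} for every configured criterion that fails."""
    subject = flatten_subject(peercert)
    problems = {}
    for field, wanted in criteria.items():
        present = subject.get(field)
        if present is None:
            problems[field] = "field missing from certificate"
        elif wanted in present:
            continue  # exact, case-sensitive match: this criterion passes
        elif any(wanted.casefold() == v.casefold() for v in present):
            problems[field] = "differs only in letter case"
        elif any(wanted.strip() == v.strip() for v in present):
            problems[field] = "differs only in leading/trailing whitespace"
        else:
            problems[field] = "value differs"
    return problems


# Constructed sample: subject as returned by ssl.SSLSocket.getpeercert()
SAMPLE_PEERCERT = {
    "subject": (
        (("countryName", "CA"),),
        (("organizationName", "Example Corp"),),
        (("organizationalUnitName", "Engineering"),),
        (("commonName", "serial-gw.example.com"),),
    ),
}
# Constructed sample: criteria as an administrator might have typed them
SAMPLE_CRITERIA = {
    "countryName": "CA",
    "organizationName": "example corp",        # wrong letter case
    "organizationalUnitName": "Engineering ",  # trailing space
    "commonName": "serial-gw.example.com",
    "emailAddress": "admin@example.com",       # not in the certificate
}

if __name__ == "__main__":
    for field, reason in diagnose(SAMPLE_CRITERIA, SAMPLE_PEERCERT).items():
        print(f"{field}: {reason}")
```
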
"unknown protocol" message when trying to make an SSL/TLS connection
• This will be displayed when both sides of the TCP connection are configured as SSL/TLS clients. Change one of the endpoints to act as an SSL/TLS server.
• One of the endpoints is not configured for SSL/TLS. Make sure both endpoints are configured for SSL/TLS, and verify that one is a client and the other is a server.
"tlsv1 alert handshake failure" or "sslv3 alert handshake failure"
• The remote site has an SSL/TLS error and is sending this message with an alert message. Look at the error messages on the remote end and fix the problem indicated.
I/O Models
An I/O Digital or Relay controlled motor is starting/stopping
• Digital and Relay channels have automatically resetting fuses, meaning that if the circuit gets overloaded and the fuse blows, it will automatically reset when the circuit cools down.
An A4R2 model is starting/stopping
• The A4R2 model can run at 55 degrees Celsius ambient temperature when the input voltage is 22VDC or below. If the input voltage exceeds 22VDC, the maximum ambient temperature will drop into the range of 45-50 degrees Celsius to run successfully.