bikash Choudhary Posted February 9, 2021 Share Posted February 9, 2021 Could any one help as I am getting below error when trying to setup SSL . I am using sample certificate what provided by EMS (C:tibcoems8.5samplescerts) 2021-02-09 20:21:15.305 Peer certificate: 2021-02-09 20:21:15.316 Certificate=[/C=US/ST=California/L=us-english/O=Test Company/OU=client Unit/CN=client/emailAddress=client@testcompany.com] Issuer=[/C=US/ST=California/L=us-english/O=Test Company/OU=client_root Unit/CN=client_root/emailAddress=client_root@testcompany.com] 2021-02-09 20:21:15.316 SSL accepted cipher=ECDHE-RSA-AES128-GCM-SHA256 2021-02-09 20:21:15.316 Connection protocol=TLSv1.2 2021-02-09 20:21:15.316 [OpenSSL Error]: file=ossl.c, line=1814 2021-02-09 20:21:18.393 WARNING: Closing connection from [::1] due to timeout, exceeded timeout of 3. Config for SSL : # Server certificate, key and private key password. If password not # specified it is prompted for at start up time. The key and server # certificate issuers may be included into specified PKCS12 file. # Supports PEM, DER and PKCS12. ssl_server_identity = C:tibcoems8.5samplescertsserver.cert.pem ssl_server_key = C:tibcoems8.5samplescertsserver.key.pem ssl_password = password # Server Issuer certificate(s). # Supports PEM, DER and PKCS#12. # This may be a part of PKCS12 specified by ssl_server_identity ssl_server_issuer = # Trusted issuers of client certificates. Supports PEM, DER and PKCS7. ssl_server_trusted = C:tibcoems8.5samplescertsclient_root.cert.pem Link to comment Share on other sites More sharing options...
bikash Choudhary Posted March 8, 2021 Author Share Posted March 8, 2021 Is this community group active No reply from Tibco since 1 month . Link to comment Share on other sites More sharing options...
Derek Ma 2 Posted March 9, 2021 Share Posted March 9, 2021 Hi, As below, may you increase handshake_timeout If possible, may you share with me how you start your client with environment variables such as Java CLASSPATH Thanks, Derek https://support.tibco.com/s/article/OpenSSL-Errors-WARNING-Closing-SSL-connection-from-xx-xx-xx-xx-due-to-timeout-OpenSSL-Error-file-ossl-c-line-1631-Disconnected-connection-id-1104-reason-connection-terminated-iothr-c-162-OpenSSL-Error-file-ossl-c-line https://docs.tibco.com/pub/ems/8.5.1/doc/html/GUID-93C0E010-4296-42FB-8FEF-08A46946C3D2.html Link to comment Share on other sites More sharing options...
Saurabh Prabhu Posted March 9, 2021 Share Posted March 9, 2021 you might also want to set the ems log trace or console trace to SSL_DEBUG and see whats going wrong there. Link to comment Share on other sites More sharing options...
Richard Flather Posted March 9, 2021 Share Posted March 9, 2021 Hi, Did you try running EMS with the sample tibemsdssl.conf It also uses the same client/server certs. This is an easy way to test the environment. $ ../../bin/tibemsd -config tibemsdssl.conf TIBCO Enterprise Message Service Enterprise Edition. Copyright 2003-2019 by TIBCO Software Inc. All rights reserved. Version 8.5.1 V4 9/12/2019 2021-03-09 10:02:28.794 Process started from '../../bin/tibemsd'. 2021-03-09 10:02:28.794 Process Id: 10482 2021-03-09 10:02:28.794 Hostname: xxxxxxx 2021-03-09 10:02:28.794 Hostname IP address: 127.0.0.1 2021-03-09 10:02:28.794 Reading configuration from 'tibemsdssl.conf'. 2021-03-09 10:02:28.798 Server name: 'EMS-SERVER'. 2021-03-09 10:02:28.798 Storage Location: 'datastore'. 2021-03-09 10:02:28.798 Routing is disabled. 2021-03-09 10:02:28.798 Authorization is disabled. 2021-03-09 10:02:28.798 The server will attempt to trace warnings about destinations that are growing unbounded above 26843545 bytes or 50000 messages. 2021-03-09 10:02:28.798 Set server properties 'large_destination_memory' and 'large_destination_count' respectively to alter these thresholds. 2021-03-09 10:02:28.804 Secure Socket Layer is enabled, using OpenSSL 1.1.1c 28 May 2019 2021-03-09 10:02:28.804 Accepting connections on ssl://xxxxxx:7243. 2021-03-09 10:02:28.805 Server is active. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now