02-22-2013 04:03 AM - edited 03-18-2019 12:38 AM
Certification error on TMS using TLS.
We are receiving the following error message on TMS when trying to replicate using TLS.
'(400) Certificate Validation Error : TLS connection failure: _ssl.c:484: The handshake operation timed out'
There are no firewall ports with timeouts configured and on both the TCP dump from the VCS and the trace on TMS we can see the 3 way handshake taking place. Both TMS and VCS can communicate but this error message occurs.
The VCS was swapped out and configured. Could this possibly be the Windows server storing the certificate from the previous VCS and using that for the TLS, thus causing TMS not to recognise the certificate the VCS has and causing an error on the encryption?
HTTP traffic has been blocked on the firewall so when we turned TLS off we were unable to get replication up.
Has anyone seen this issue before, and if so, did purging the certificate from the Windows server work?
I look forward to your replies.
Thank you
02-22-2013 05:36 PM
Sounds like a fun issue :)
It could be many things. Were you using trusted certs before? Do we know it's even related to the certs? Do you have cert validation enabled? If not, you should be able to test with a self-signed one (can you access TMS with https in different browsers?).
Anyway it might be better with a TAC case on this particular issue.
/Magnus
Sent from Cisco Technical Support iPhone App
02-24-2013 04:25 AM
- One thing to try is to delete the self-installed certificates from the Windows server and re-install them (so you know the expired ones are not playing any role in causing this problem).
- Enable the verification of the certificates before you install them.
- Make sure the intermediary certificate authorities up to your root certificate authority are installed.
Which version of TMS and VCS are you using?
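Added example, not part of the reply above and not Cisco tooling: a PowerShell audit of the Windows certificate stores for the conditions that reply lists (expired certificates, intermediate CAs missing on the way to the root). It assumes TMS relies on the standard LocalMachine stores of its Windows host; the store list and report columns are choices made for this example.

```powershell
# Added example: report expired certificates and broken chains in the
# LocalMachine stores. Run in an elevated PowerShell 3.0+ session on the TMS host.
# Assumption: the certificates of interest live in My (personal), CA
# (intermediates) or Root (trusted roots).
$stores = 'My', 'CA', 'Root'
$now    = Get-Date

$report = foreach ($store in $stores) {
    foreach ($cert in Get-ChildItem -Path "Cert:\LocalMachine\$store") {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        # No online revocation lookups, so the check also works when outbound
        # HTTP is blocked at the firewall.
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck

        # Build() returns $false when the chain cannot be validated, for example
        # PartialChain (an intermediate is missing), UntrustedRoot or NotTimeValid.
        $chainOk = $chain.Build($cert)
        $status  = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

        [pscustomobject]@{
            Store       = $store
            Subject     = $cert.Subject
            Issuer      = $cert.Issuer
            NotAfter    = $cert.NotAfter
            Expired     = ($cert.NotAfter -lt $now)
            ChainOk     = $chainOk
            ChainDepth  = $chain.ChainElements.Count
            ChainStatus = $status
            Thumbprint  = $cert.Thumbprint
        }
        $chain.Reset()
    }
}

# Show only the entries that need attention, soonest expiry first.
$report |
    Where-Object { $_.Expired -or -not $_.ChainOk } |
    Sort-Object NotAfter |
    Format-Table Store, Subject, NotAfter, Expired, ChainStatus -AutoSize -Wrap
```

A `PartialChain` status on a certificate in `My` points to a missing intermediate CA, and `NotTimeValid` points to an expired or not yet valid certificate somewhere in its chain.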
02-25-2013 05:24 AM
The VCS that is currently installed came from Cisco with x7.2.1. I downgraded to x7.1 before installing (so as to be on the same revision as the rest of the VCS group), although I think there are some security upgrades in the later version. Interestingly, the device SSL cert as seen via a browser for this particular VCS is set to expire next month (11/3/2013), whereas the certs from other VCS devices I have just checked do not expire until 2029.
I have been looking to see if there is a way to regenerate a VCS set of keys, however, I have been unable to find anything.
Any ideas?
04-30-2013 12:40 PM
Hi everyone
I am getting the same error with VCS (7.2.1) and TMS (14.1.1). What was the solution for this problem?
(400) Certificate Validation Error: TLS connection failure: [Errno 1] _ssl.c: 504: error: 14090086: SSL routines: SSL3_GET_SERVER_CERTIFICATE: failed Verify certificate