cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2483
Views
10
Helpful
9
Replies

Webbridge 3 CMS 3.2.2 issue

mecharek1
Level 1
Level 1

Hi

can someone guide me in the configuration of the web bridge 3 on cms 3.2
I can't find a document that explains the c2w trust
here is the error message that appears:

C2W Peer 7FED30023560 failed TLS handshake with error: self signed certificate
C2W connection to "c2w://IP Adress cms:9999" failed (connect failure)

 

BR;

9 Replies 9

b.winter
VIP
VIP

Hi,

have you configured the webbridge3 correctly? (webbridge3 c2w listen a:9999)

How does your certificate look like? Have you manually set the CN to the IP address? (pki selfsigned <name> CN:<IP>)

If you don't specify the CN manually, it will not generate one.

Hi winter

 

Yes i have configured the webbridge3 correctly? (webbridge3 c2w listen a:9999)

 

But i don't have set the CN to the IP address? 

Please i put what on <name> ?

 

Best Regards

If you haven't set the CN to the IP address, when generating the self-signed certificate, then the certificate will not nothing.

Therefore, how should the callbridge then validate the certificate of the webbridge?

I guess, you should get some information, on how certificates work in general and also have a better look in the installation and deployment guides of CMS.

 

The <name> is just a random tag in cms (pki selfsigned whatever-cert). As you have already generated the self-signed cert in CMS, I have assumed, that you already know that ...

 

Easy way for you:

pki selfsigned self-cert CN:<IP>

webbridge3 disable

webbridge3 c2w certs self-cert.key self-cert.crt

webbridge3 enable

callbridge trust c2w self-cert.crt

callbridge restart

In the API for the webbridge: "c2w://<IP>:9999"

Hi Winter,

 

Thank you for your precious help I generated another certificate and I redone the configuration following your example
now I'm back on another problem:


2021-10-05 12: 01: 33.545 Connection to remote Call Bridge "Cb02" failed (connect failure)
2021-10-05 12: 01: 34.305 C2W connection to "c2w: // ip address: 9999" failed (connect failure)


knowing that I have two clustered call bridges and I have not generated a certificate.

 

Best Regards;

Can every callbridge reach the webbridge IP?

Does every callbridge trust the webbridge self-signed cert?

Have you selected the callbridge group in the API for the webbridge?

 

How could you set up a cluster, without generating a certificate? Every connection in CMS is based on certificates...

Hi winter;

 

yes each callbridge reaches the IP of the webbridge

 

Only the first callbridge trusts the self-signed webbridge certificate

 

No I did not select the callbridge group in the API for the webbridge, I added the url of the first only "c2w: // <IP>: 9999"

 

No I am not talking about the certificates of the cluster, is it clear that we cannot set up a cluster without generating a certificate

I specifyI did not generate the self-signed certificate of the webbridge in the second call bridge

 

Please can you describe the steps to follow to configure the webbridge3 service in a cluster, do I have to activate it in both servers? which was not the case in CMS version 2.9

 

Thanks for the help and i very much appreciate your guidance

It is up to you, if you only want to use 1 or 2 webbridges.

 

If you want to use 2 webbridges, then you have to activate the webbridge service on both servers (just repeat the configuration steps on the second server, like you did on the first)

Both callbridges then have to trust the certificates of both webbridges and you have to add 2 webbridges via API.

 

Therefore, the certificate-file, which you assign to the trust of the callbridge (callbridge trust c2w <cert-file>), has to contain both certificates of the webbridges:

  1. open both certificates with an text editor (e.g. notepad++) --> you now have 2 windows open
  2. copy the text of both certs into a third editor window and save it as e.g. "webbridge-certs.cer"
  3. upload the file to both callbridges
  4. assign the cert-file on both servers via CLI "callbridge trust c2w webbridge-certs.cer"
  5. restart both callbridges via CLI "callbridge restart"

mecharek1
Level 1
Level 1

Hi,

 

I checked all the configuration I even configured the second call bridge but still the same problem
I read in other discussion that you need to set these parameters (client authentication, server authentication) in the template when you publish the certificate.


the CMS is accessible but I get an error message "The system is currently unavailable. Please try again later".

In the CMS logs, I have the following error
WB3Cmgr: Could not find connection to update Webbridge3 info
C2W connection to Webbridge <webbridge3 ID>: connection failed

 

Hi,

 

have you also set the trust-cert for the webbridge3?

webbridge3 trust c2w <cert-bundle>

Completely forgot that command in my other descriptions.

The cert-bundle needs to contain both callbridge certs (how-to described in my last post).

 

On which CMS do you see the logs?

Is the first CMS already able to connect to the its webbridge? (So callbridge 1 to webbridge 1, both services on CMS 1)