cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Walkthrough Wednesdays
2337
Views
0
Helpful
4
Replies
Nick Boylan
Beginner

Certification error on TMS using TLS

Certification error on TMS using TLS.

We are receiving the following error message on TMS when trying to replicate using TLS.

'(400) Certificate Validation Error : TLS connection failure: _ssl.c:484: The handshake operation timed out'

There are no firewall ports with timeouts configured and on both the TCP dump from the VCS and the trace on TMS we can see the 3 way handshake taking place. Both TMS and VCS can communicate but this error message occurs.

The VCS was swapped out and configured, Could this possibly be the Windows server storing the certficate from the previous VCS and using that for the TLS thus causing TMS not recognising the certificate the VCS has and causing an error on the encryption?

HTTP traffic has been blocked on the firewall so when we turned TLS off we were unable to get replication up.

Has anyone seen this issue before?  and if so, did purging the certificate from the Windows server work?

I look forward to your replies.

Thank you

4 REPLIES 4
Magnus Ohm
Cisco Employee

Sounds like a fun issue :)

It could be many things. Where you using trusted certs before? Do we know its even related to the certs? Do you have cert validation enabled? If not you should be able to test with a self signed one (can you access tms eith https in different browsers?

Anyway it might be better with a TAC case on this particular issue.

/Magnus

Sent from Cisco Technical Support iPhone App

ahmashar
Enthusiast

- One thing to try is to delete self installed certificate from  windows server and re-install them (so know the expired ones are not  playing any rule in causing this problem).

- Enable the verificaion the certificate before you installed them

- Make sure you have intermediary certificate authorities up to your root certificate authority are installed.

which version of TMS and VCS are you using?

the VCS that is currently installed came from Cisco with x7.2,1, I downgraded to x7.1 before installing (so as to be on the same revision as the rest of the VCS group) although I think there are some security upgrades in the later version. Interestingly, the device SSL cert as seen via a browser for this particular VCS is set to expire next month (11/3/2013), whereas the certs from other VCS device I have just checked do not expire until 2029.

I have been looking to see if there is a way to regenerate a VCS set of keys, however, I have been unable to find anything.

Any ideas?

Hi everyone

It is presenting me the same error, with VCS (7.2.1) and TMS (14.1.1), which was the solution for this problem.

(400)   Certificate Validation Error: TLS connection failure: [Errno 1]  _ssl.c:  504: error: 14090086: SSL routines:  SSL3_GET_SERVER_CERTIFICATE: failed  Verify certificate

Content for Community-Ad

Spotlight Awards 2021