Hi Michael,
I successfully have setup a SSL connection between client and server a couple of days ago. Now I tried to reproduce the setup, but with no success.
I'm using server version 2.7.8. In the config.ini I added the line SSLCert=/opt/virtualhere/2.7.8/VirtualHereServer.pem. When I connect with a client, I get the following error message in syslog
Mar 17 09:30:22 c214 vhusbdarmbb-2.7.8[909]: Error in SSL_accept, error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
In the client (version 3.5.0) system messages I see
09:30:21 INFO :VirtualHere Client 3.5.0 starting (Compiled: Mar 7 2016 12:18:45)
09:30:21 INFO :Found config in executable path, using C:\Users\barkow\Desktop\VirtualHere\v3.5.0\vhui.ini
09:30:21 INFO :Administrator mode
09:30:21 INFO :IPC available at \\.\pipe\vhclient
09:30:22 ERROR :SSL Server verification (passed in) error: (20) unable to get local issuer certificate
09:30:22 INFO :SSL_connect error 1(-1) when connecting to c214:7574, (null)
Do you have any suggestion, where to look for the problem? The strange thing - as already mentioned - is that I already had it up and running, including client certificates and rcl, but for whatever reason I'm unable to reproduce this very simple setup...
Regards
Axel
Hi Michael,
Hi Michael,
found the problem. I need to add
SSLCAFile=...to the config.ini on server side and provide the CA I used to sign the server certificate. This is somehow missing in your SSL setup description.Regards
Axel
.
OK sorry, i will add that now. A customer a few weeks ago did a thorough evalulation of the virtualhere SSL functionality, and found some security holes so these have been closed. One of them was not validating with the CA on the server side...this is now fixed. The fixes are in the announcements section of the forum..
I also observed troubles in
I also observed troubles in case you rename the windows client executable. Is the executable file name somehow important?
Regards
Axel
No exe name is not important
No exe name is not important