Can't get Simple CS to work on a new Redhat server

Started by Loren Doornek, October 12, 2020, 04:25:24 PM

Previous topic - Next topic

Loren Doornek

We have a new Redhat server, with PXPlus 2020 (version 17) installed, and are trying to setup Simple Client/Server using a secured connection.  The setup that we've always used just isn't working.  We were thinking that the cert we are using is invalid for some reason - it was created in 2008, and may not be up-to-snuff with newer SSL options, but has worked with all of our other installations.  I know the server is using OpenSSL 1.1.1.c, but that should work with PXPlus v17 according to messages I've seen on these forums.

So, just to confirm that secure connections are working, I tried just running PXPlus, then opened a secure TCP connection using OPEN (1) "[tcp];443;secure". That worked fine.

Then, I tried open a local TCP host using OPEN (1)"[tcp];1234;SECURE=/usr/common/cert.cer", which seemed to work fine.  But the connection fails when I try to open that TCP port as a client using OPEN (2)"[tcp]localhost;1234;SECURE".

If I try the host/client without using SECURE, it works fine.

So, thinking maybe it was the cert, I generated a new cert using this command: openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem
Then, I cat'ted the two files into a single file using: cat key.pem cert.pem >/usr/common/cert.cer

I retried the host/client again, and it still fails.

Any suggestions on what else I can try or check to get this thing working?

Thanks in advance for any suggestions!



With your OPEN (1)"[tcp];1234;SECURE=/usr/common/cert.cer" & OPEN (2)"[tcp]localhost;1234;SECURE" test, PRINT MSG(-1) when you get an error on the second open.  That should tell you why the open isn't working.


Devon Austen

Testing a SSL connection with a open [TCP] can be a little tricky as the SSL handshake needs to take place.

On the server after you do the open type in a READ RECORD (chan) x$ but don't hit enter yet.

Then when you do the open on the client you hit enter on the server to execute the read record.

If this still gives you an error then check the error message like Eric suggested.
Principal Software Engineer for PVX Plus Technologies LTD.

Loren Doornek

Thanks for the tips - this is resolved now.

Using the old cert, msg(-1) was returning a message "Can not use certificate on file (err/ret=2/2)".  That old cert used SHA1, and I suspect that the new Redhat server is configured out of the box to not allow SHA1.   So, I generated a new cert using SHA256, and it worked fine.

Devon, the tip on testing an SSL connection was great!  I could never get my two sessions to talk to each other over TCP since the secure connection always failed.  Hitting 'enter' on the READ RECORD for the 'host' process immediately after trying to open the client port worked perfectly, and allowed the connection to be secured.  Thanks!