samanderson

Peer didn't send certificate error

2013-06-18T11:35:27Z

Hi -

I see this error on one of the boxes, but none of the transactions were failing. Is it because of a bad SSL configuration? Because of this error, logs get rolled very soon.

How can I get it cleaned up rather than filtering logs in the log target? Does it impact box performance?

  • kenhygh

    2013-06-18T12:56:56Z

    Is this from the FSH or from what?

  • ted.jump

    2013-06-18T14:53:49Z

    In my limited experience this is a low-level SSL protocol error. If you are seeing it in the domain log AND DataPower has rejected the connection because of it, you will get no activity on your service, because no data was transferred.

    If this is being treated as a warning, e.g. in your SSL Proxy Profile (reverse) you have "Client Authentication Is Optional" set ON, then the SSL connection should be granted and your service called.

    I have a service on one of my appliances which requires two-way SSL authentication, so I have spent quite a bit of time helping client application developers resolve the problem that their application ISN'T sending the required identification certificate.

    Cheers.

  • samanderson

    2013-06-19T10:22:42Z
    • kenhygh
    • ‏2013-06-18T12:56:56Z

    Is this from the FSH or from what?

    Ken - this is from the handler... anything fishy?

  • kenhygh

    2013-06-19T10:33:17Z

    Ken - this is from the handler... anything fishy?

    This means that the client did not send its own SSL certificate to DataPower. Ted's explanation is right on.

  • samanderson

    2013-06-19T12:31:46Z
    • kenhygh
    • ‏2013-06-19T10:33:17Z

    This means that the client did not send its own SSL certificate to DataPower. Ted's explanation is right on.

    Hi Ken - Are you saying that it's a low-level warning and can be ignored?

  • kenhygh

    2013-06-19T12:35:57Z

    Hi Ken - Are you saying that it's a low-level warning and can be ignored?

    Is it a warning or an error message? If error, the transaction failed. If warning (or lower) then it can be ignored.

  • samanderson

    2013-07-09T12:57:28Z
    • kenhygh
    • ‏2013-06-19T12:35:57Z

    Is it a warning or an error message? If error, the transaction failed. If warning (or lower) then it can be ignored.

    It's an error, Ken, and surprisingly no one ever complained about a failed transaction... :-)
  • etj

    2013-07-09T13:41:21Z

    In my experience, it could mean that the client did not present a cert.

    Another reason, as Ted suggested, is you may have a connection to the SSL port that is timing out or disconnecting.

    Perhaps you have something in your network that monitors the DataPower SSL port?

    El
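
Added example, not part of the thread and not IBM's code: one way to check etj's suggestion that something is monitoring the SSL port is to group the certificate errors by source address and see whether they arrive at a fixed interval, which is typical of a health check and would explain errors with no failed transactions. The log layout, message text, addresses and thresholds are constructed assumptions, not DataPower's actual log format.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample in an ASSUMED layout: "<UTC time> <level> <source ip> <message>".
# Adjust LINE_RE and NEEDLE to match what your log target really writes.
SAMPLE_LOG = """\
2013-06-18T11:30:00Z error 192.0.2.10 peer did not send a certificate
2013-06-18T11:30:05Z info 192.0.2.10 connection closed
2013-06-18T11:30:12Z error 198.51.100.7 peer did not send a certificate
2013-06-18T11:30:30Z error 192.0.2.10 peer did not send a certificate
2013-06-18T11:31:00Z error 192.0.2.10 peer did not send a certificate
2013-06-18T11:31:30Z error 192.0.2.10 peer did not send a certificate
2013-06-18T11:47:03Z error 198.51.100.7 peer did not send a certificate
2013-06-18T11:47:05Z error 198.51.100.7 peer did not send a certificate
"""
LINE_RE = re.compile(r"^(\S+) (\w+) (\S+) (.*)$")
NEEDLE = re.compile(r"peer did.*certificate", re.IGNORECASE)


def errors_by_source(log_text):
    """Map source address -> sorted timestamps of matching error lines."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(2) == "error" and NEEDLE.search(m.group(4)):
            hits[m.group(3)].append(datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ"))
    return {src: sorted(ts) for src, ts in hits.items()}


def classify(log_text, min_events=4, max_jitter=0.1):
    """Label each source 'periodic' (steady interval, typical of a health
    check) or 'irregular' (more likely a real client missing its cert)."""
    verdicts = {}
    for src, times in errors_by_source(log_text).items():
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps) if gaps else 0
        # Coefficient of variation: spread of the gaps relative to their mean.
        if len(times) >= min_events and avg > 0 and pstdev(gaps) / avg <= max_jitter:
            verdicts[src] = ("periodic", round(avg))
        else:
            verdicts[src] = ("irregular", None)
    return verdicts


if __name__ == "__main__":
    for src, (kind, interval) in sorted(classify(SAMPLE_LOG).items()):
        print(src, kind, f"every ~{interval}s" if interval else "")
```

A source labelled periodic is a candidate monitor or load-balancer probe to confirm with the network team; irregular sources are the ones to follow up as clients that are not presenting a certificate.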