0
1000
Question Dhivakar Karimuth · Aug 30, 2023

Error #988: SSL connection failed. SSL/TLS error in SSL_read(), SSL_ERROR_SYSCALL: I/O error (54)

#InterSystems IRIS #API #SSL

I am trying to connect the external application. Authenticating via Two SSL,

I have the Client Cert, Private key and the Root Certificate

The connection is successful from local (both via terminal and as well via Postman)

But when trying from IRIS application by configuring the certificates in the SSL configuration, i am not able to successfully verify the SSl connections

When test from the ssl configuration with the endpoint and port its gives the error Error #988: SSL connection failed. SSL/TLS error in SSL_read(), SSL_ERROR_SYSCALL: I/O error (54)

I am also seeing the error when the Http request using this ssl certificate

ce
Text: 70 ÌÑ"<READ>Read+28^%Net.HttpRequest.1'˜ e^Read+55^%Net.HttpRequest.1^2!e^Send+221^%Net.HttpRequest.1^18e^SendFormDataArray+64^EnsLib.HTTP.OutboundAdapter.1^12e^SendFormData+1^EnsLib.HTTP.OutboundAdapter.1^1/e^VirtualAccountRequest+31^dx.bo.VISA.VPA.1^1'e^MessageHandler+6^dx.bo.VISA.VPA.1^1.e^MessageHeaderHandler+23^dx.bo.VISA.VPA.1^1e^OnTask+42^Ens.Host.1^1e^Start+62^Ens.Job.1^2$d^StartEnsembleJob+6^|"%SYS"|STU^1d^^^0

It appears to be due to the ssl configurations.

I have verified the certs , keys format, all looks fine,


The same has been working fine in local

its not working via IRIS application

Any advise

Product version: IRIS 2023.1
$ZV: IRIS for UNIX (Apple macOS for Apple Silicon) 2023.2 (Build 204U) Mon Jun 5 2023 10:52:53 EDT
Discussion (7)0
Log in or sign up to continue

Comments

Prasanth Annamreddy · Aug 30, 2023

Did you verify connectivity between your system (server) and the other system?

Is the firewall rule enabled for the IP that you want to connect to?

0
Dhivakar Karimuth  Aug 30, 2023 to Prasanth Annamreddy

Yes, The connection is fine, no firewall rule enabled on the IP that I am trying to connect

0
Timo Lindenschmid · Aug 30, 2023

Hi, 

SSL error 54 points to an issue with an untrusted certificate in chain.

0
Deepak Ghansala · Sep 4, 2023

When you are connecting through Postman or terminal, it establishes the chain of trust using the public CAs stored in trusted certificate store on your machine, or the application.

In IRIS you have to give the entire chain and not just the root certificate, if there is an Intermediate CA which is signing either your client or the server's cert, you can extract the entire chain using your browser as well or through openssl too.

0
Deepak Ghansala  Sep 4, 2023 to Deepak Ghansala

You can additionally also try by entering "%OSCertificateStore" in field "File containing trusted Certificate Authority certificate(s)" of your TLS configuration. 

0
Dhivakar Karimuth  Sep 7, 2023 to Deepak Ghansala

Tried Both(complete certificate chain and by entering ("%OSCertificateStore"  ) , still having issues @Deepak Ghansala 
thanks

0
Dhivakar Karimuth · Sep 7, 2023

The issues is not with the certificates.


Got help from WRC.

The problem is that the SSL/TLS test code sends the following request after the handshake:

Set request="GET / HTTP/1.0"

Write request,!,!

Read reply:5

The server responds by closing the connection.

Hence the test was never successful,

The actual Http Request is successful though the ssl test from ssl/tls configurations is failed , misleading issue is with the certificates

Its actual issue solved  now

Thanks

0