Error #988: SSL connection failed. SSL/TLS error in SSL_read(), SSL_ERROR_SYSCALL: I/O error (54)

Question

Question

Dhivakar Karimuth · Aug 30, 2023

I am trying to connect the external application. Authenticating via Two SSL,

I have the Client Cert, Private key and the Root Certificate

The connection is successful from local (both via terminal and as well via Postman)

But when trying from IRIS application by configuring the certificates in the SSL configuration, i am not able to successfully verify the SSl connections

When test from the ssl configuration with the endpoint and port its gives the error Error #988: SSL connection failed. SSL/TLS error in SSL_read(), SSL_ERROR_SYSCALL: I/O error (54)

I am also seeing the error when the Http request using this ssl certificate

ce

Text:

70 ÌÑ"<READ>Read+28^%Net.HttpRequest.1'˜ e^Read+55^%Net.HttpRequest.1^2!e^Send+221^%Net.HttpRequest.1^18e^SendFormDataArray+64^EnsLib.HTTP.OutboundAdapter.1^12e^SendFormData+1^EnsLib.HTTP.OutboundAdapter.1^1/e^VirtualAccountRequest+31^dx.bo.VISA.VPA.1^1'e^MessageHandler+6^dx.bo.VISA.VPA.1^1.e^MessageHeaderHandler+23^dx.bo.VISA.VPA.1^1e^OnTask+42^Ens.Host.1^1e^Start+62^Ens.Job.1^2$d^StartEnsembleJob+6^|"%SYS"|STU^1d^^^0

It appears to be due to the ssl configurations.

I have verified the certs , keys format, all looks fine,

The same has been working fine in local

its not working via IRIS application

Any advise

Product version: IRIS 2023.1

$ZV: IRIS for UNIX (Apple macOS for Apple Silicon) 2023.2 (Build 204U) Mon Jun 5 2023 10:52:53 EDT

Discussion (7)2

Log in or sign up to continue

Dhivakar Karimuth · Sep 7, 2023

The issues is not with the certificates.

Got help from WRC.

The problem is that the SSL/TLS test code sends the following request after the handshake:

Set request="GET / HTTP/1.0"

Write request,!,!

Read reply:5

The server responds by closing the connection.

Hence the test was never successful,

The actual Http Request is successful though the ssl test from ssl/tls configurations is failed , misleading issue is with the certificates

Its actual issue solved now

Thanks

0 0

score 0 · Answer 1 · 2023-08-30T12:45:00-04:00

Did you verify connectivity between your system (server) and the other system?

Is the firewall rule enabled for the IP that you want to connect to?

score 0 · Answer 2 · 2023-08-30T22:08:03-04:00

Dhivakar Karimuth · Aug 30, 2023

Yes, The connection is fine, no firewall rule enabled on the IP that I am trying to connect

0 0

score 0 · Answer 3 · 2023-08-30T23:44:52-04:00

Timo Lindenschmid · Aug 30, 2023

Hi,

SSL error 54 points to an issue with an untrusted certificate in chain.

0 0

score 0 · Answer 4 · 2023-09-04T08:35:36-04:00

When you are connecting through Postman or terminal, it establishes the chain of trust using the public CAs stored in trusted certificate store on your machine, or the application.

In IRIS you have to give the entire chain and not just the root certificate, if there is an Intermediate CA which is signing either your client or the server's cert, you can extract the entire chain using your browser as well or through openssl too.

score 0 · Answer 5 · 2023-09-04T08:39:20-04:00

You can additionally also try by entering "%OSCertificateStore" in field "File containing trusted Certificate Authority certificate(s)" of your TLS configuration.

score 0 · Answer 6 · 2023-09-07T01:57:11-04:00

Tried Both(complete certificate chain and by entering ("%OSCertificateStore" ) , still having issues @Deepak Ghansala
thanks