cancel
Showing results for 
Search instead for 
Did you mean: 

Error 14 - SSL Signature verification failure – Agentry

CRVMANISH
Contributor
0 Kudos

Hello Experts,

I am getting following error 'Error 14 - SSL Signature verification failure – Agentry'.

It works fine on Windows(Agentry client) , this problem is on Android device.

I referred this Note 1834619 , it says try to re-install Agentry client but still it has same issue.

Regards

Manish

Accepted Solutions (0)

Answers (5)

Answers (5)

0 Kudos

Hi Manish,

Proxy of NGINX will use .key and .cer file for verification. you should not use .cer file directly into mobile device

Step1: Create a text file called Android.txt containing this single line:  basicConstraints=CA:true

Step2: Rename .key to .pem and .cer to .pem [like server.key to server.pem]

Step3: Navigate to openssl path in command line[]

Step4: Execute command

          openssl x509 -days 3650 -in server-cert.pem -signkey server-key.pem -extfile android.txt -out server-cert.pem.crt

Step5: you will get server-cert.pem.crt file. execute another command

               openssl x509 -inform PEM -outform DER -in server-cert.pem.crt -out AgentryTrustedCertificate.crt


Step6: Now you could use AgentryTrustedCertificate.crt to mobile certificate. it will come under trustedcertificate->users tab in android device

Thank you

Regards,

Sathriyan

Former Member
0 Kudos

Hi Manish,

do you see in the SMP Log Files what error the Server produce?

Maybe it depends on the server connection fro the android client. Can you reach the SMP Server from the android device?

André

CRVMANISH
Contributor
0 Kudos

Hello Andre, I am able to call the SAP WM URL from Android web browser, which means server is reachable from Android Tablet Regards Manish

bill_froelich
Product and Topic Expert
Product and Topic Expert
0 Kudos

Do you get any kind of certificate error from the browser?

After you installed the certificate on Android do you see it listed in Security | Trusted Credentials | User?

Also what specific android device are you using and what version of the OS is it running?

--Bill

CRVMANISH
Contributor
0 Kudos

Hello Bill,

Android version is 3.2

Its Samsung GT-P6200.

Regards

Manish

CRVMANISH
Contributor
0 Kudos

Hi Bill and Andre,

I installed the certificate but still it gives same error.

Regards

Manish

bill_froelich
Product and Topic Expert
Product and Topic Expert
0 Kudos

What version of the Agentry client / server are you using?

--Bill

CRVMANISH
Contributor
0 Kudos

Hello Bill,

We are using WM 6.2 and agentry client 7.0

Regards

Manish

Former Member
0 Kudos

What SP of the SDK did the client come out of?

CRVMANISH
Contributor
0 Kudos

Hi Stephen,

SMP SDK is SP04 PL-02(SMPSDK30004P_2-21011834_1)

I have attached screenshot for reference.

Regards

Manish

Former Member
0 Kudos

Hi manish,

Please find the below steps to resolve your issue:

Step 1: Download the openssl from openssl.org.

step 2: Extract it to proper location and open command prompt and give the path name as below:

Step 3: Run the 2 commands one in a order below:

cmd1 : openssl req -x509 -days 365 -newkey rsa:2048 -keyout server-key.pem -out server-cert.pem -config "D:\openssl-0.9.8k_X64\openssl.cnf"

cmd2: openssl pkcs12 -export -in server-cert.pem -inkey server-key.pem -out AgentryServer.pfx

You need to give few details when you run cmd1 and give common name as your machine name or ip address.

Step 4: Copy the server-cert.pem and make two copies. Rename 1 as server-cert.cer and anthor as AgentryTrustedCertificates.sst and place it in agentry folder.

Step 5: Go to SCC and open Key store configurations and deploy server-cert.cer as x.509 and AgentryServer.pfx as PKCS12 certificate and install the same certificates on machine and place them in trusted root store(Double click and install).

Step 6: Restart the SMp and copy the server-cert.cer to android phone and install the certificate in phone by visiting the trusted credenttials in settings.

Step 7: start the android client. and you are good to go.

Please award if helpful.

CRVMANISH
Contributor
0 Kudos

Hi Rakesh,

Thanks for reply. I am getting following error. Do we need to install openssl on Agentry server or it should work from any machine.

Regards

Manish

Former Member
0 Kudos

You have to install on agentry server itself.

CRVMANISH
Contributor
0 Kudos

Hi Rakesh, I tried all the steps but same error. Error 14 - SSL Signature verification failure – Agentry Regards Manish

bill_froelich
Product and Topic Expert
Product and Topic Expert
0 Kudos

Please note, these steps using openssl are related to SMP 2.3 and do not apply to SMP 3 (Agentry 7).

--Bill

CRVMANISH
Contributor
0 Kudos

Thanks Bill for the information.

How do we mitigate this issue, i am using SMP certificate ,

it works on windows client from other machine but not on android device we are using.

Regards

Manish

Former Member
0 Kudos

Hi Manish,

we hade the same problem. The Android Certificate need a special value in it and fixed it with this:

First step is to reconstruct the PEM CA certificate:

Create a text file called Android.txt containing this single line:  basicConstraints=CA:true

Then issue this openssl command:

openssl x509 -days 3650 -in server-cert.pem -signkey server-key.pem -extfile android.txt -out server-cert.pem.crt

Second step is to convert the PEM (ASCII) certificate to DER (Binary) format.

Do this by issuing this command:

openssl x509 -inform PEM -outform DER -in server-cert.pem.crt -out AgentryTrustedCertificate.der.crt

You will now have a new client certificate called CAcert.der.crt, which can be imported into the Android certificate store.


Try it out!

André

CRVMANISH
Contributor
0 Kudos

Hello Andre, I don't know how to use openssl command. Is there anything so that i can just run bat file and generate certificate. Regards Manish

bill_froelich
Product and Topic Expert
Product and Topic Expert
0 Kudos

Manish,

What Android device are you trying to use?  Also, are you using the certificate that was automatically generated when you installed the SMP server or another certificate?

I do know there are some android devices that have a hard time loading the certificates (Motorola ET-1 for example).

--Bill

Former Member
0 Kudos

Hi Manish,

i dont know any bat files but the use of openssl is very easy. You just need to download openSSL. Go to the directory where the openssl.exe file exist (mostly in the /bin directory).

Then use a command line tool to enter the commands ant open SSL do the rest for you.

André

CRVMANISH
Contributor
0 Kudos

Hi Andre,

Thanks for reply. Where should i place Android.txt file.

I am getting error.

Please find attached screenshot for reference.

Regards

Manish

Former Member
0 Kudos

The Android.txt file should be in the same place where the openssl.exe file is (/bin directory from the openSSL installation path).

Best Regards,

André

bill_froelich
Product and Topic Expert
Product and Topic Expert
0 Kudos

Manish,

What version of the Android Agentry client are you using?

If you are using SMP3 (Agentry 7.0.x) you will also need to install the necessary certificate on the Android device.

--Bill