on 01-16-2015 9:18 AM
Hello Experts,
I am getting following error 'Error 14 - SSL Signature verification failure – Agentry'.
It works fine on Windows(Agentry client) , this problem is on Android device.
I referred this Note 1834619 , it says try to re-install Agentry client but still it has same issue.
Regards
Manish
Hi Manish,
Proxy of NGINX will use .key and .cer file for verification. you should not use .cer file directly into mobile device
Step1: Create a text file called Android.txt containing this single line: basicConstraints=CA:true
Step2: Rename .key to .pem and .cer to .pem [like server.key to server.pem]
Step3: Navigate to openssl path in command line[]
Step4: Execute command
openssl x509 -days 3650 -in server-cert.pem -signkey server-key.pem -extfile android.txt -out server-cert.pem.crt
Step5: you will get server-cert.pem.crt file. execute another command
openssl x509 -inform PEM -outform DER -in server-cert.pem.crt -out AgentryTrustedCertificate.crt
Step6: Now you could use AgentryTrustedCertificate.crt to mobile certificate. it will come under trustedcertificate->users tab in android device
Thank you
Regards,
Sathriyan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Manish,
do you see in the SMP Log Files what error the Server produce?
Maybe it depends on the server connection fro the android client. Can you reach the SMP Server from the android device?
André
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Bill and Andre,
I installed the certificate but still it gives same error.
Regards
Manish
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi manish,
Please find the below steps to resolve your issue:
Step 1: Download the openssl from openssl.org.
step 2: Extract it to proper location and open command prompt and give the path name as below:
Step 3: Run the 2 commands one in a order below:
cmd1 : openssl req -x509 -days 365 -newkey rsa:2048 -keyout server-key.pem -out server-cert.pem -config "D:\openssl-0.9.8k_X64\openssl.cnf"
cmd2: openssl pkcs12 -export -in server-cert.pem -inkey server-key.pem -out AgentryServer.pfx
You need to give few details when you run cmd1 and give common name as your machine name or ip address.
Step 4: Copy the server-cert.pem and make two copies. Rename 1 as server-cert.cer and anthor as AgentryTrustedCertificates.sst and place it in agentry folder.
Step 5: Go to SCC and open Key store configurations and deploy server-cert.cer as x.509 and AgentryServer.pfx as PKCS12 certificate and install the same certificates on machine and place them in trusted root store(Double click and install).
Step 6: Restart the SMp and copy the server-cert.cer to android phone and install the certificate in phone by visiting the trusted credenttials in settings.
Step 7: start the android client. and you are good to go.
Please award if helpful.
Hi Manish,
we hade the same problem. The Android Certificate need a special value in it and fixed it with this:
First step is to reconstruct the PEM CA certificate:
Create a text file called Android.txt containing this single line: basicConstraints=CA:true
Then issue this openssl command:
openssl x509 -days 3650 -in server-cert.pem -signkey server-key.pem -extfile android.txt -out server-cert.pem.crt
Second step is to convert the PEM (ASCII) certificate to DER (Binary) format.
Do this by issuing this command:
openssl x509 -inform PEM -outform DER -in server-cert.pem.crt -out AgentryTrustedCertificate.der.crt
You will now have a new client certificate called CAcert.der.crt, which can be imported into the Android certificate store.
Try it out!
André
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Manish,
What Android device are you trying to use? Also, are you using the certificate that was automatically generated when you installed the SMP server or another certificate?
I do know there are some android devices that have a hard time loading the certificates (Motorola ET-1 for example).
--Bill
Manish,
What version of the Android Agentry client are you using?
If you are using SMP3 (Agentry 7.0.x) you will also need to install the necessary certificate on the Android device.
--Bill
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
80 | |
24 | |
11 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.