Skip to Content
0

ASE Cockpit no login to ASE Server via SSL

Apr 03 at 03:14 PM

44

avatar image

Hi there,

having problems to get ASE Cockpit working on windows.
Whenever SSl is enabled on the server i get 'login failed'.
If I disable SSL on ASE Server login from Cockpit works.
ASE Cockpit agent.log says:

2018-04-03 16:17:28,713 [INFO ] [adapter.UAFLoginCommand ] [scc-ui::119] - Authenticating web login sapsa
2018-04-03 16:17:29,444 [ERROR] [ASEMAP ] [RMI TCP Connection(8)-127.0.0.1] com.sybase.ua.plugins.asemap.security.ASELoginModule.login(145) - com.sybase.aseaccess.exception.AALSQLException: java.sql.SQLException: JZ00L: Login failed. Examine the SQLWarnings chained to this exception for the reason(s).
2018-04-03 16:17:29,454 [WARN ] [security.SecurityService ] [RMI TCP Connection(8)-127.0.0.1] - Login failed from ludsapdcte01.sapenv.org. Username: sapsa
2018-04-03 16:17:29,454 [ERROR] [security.AuthenticationHook ] [RMI TCP Connection(8)-127.0.0.1] - Authentication failed. Please check username and password.

Same password will work in isql and from ASE Cockpit when switching off SSL on the server.

In ASE Server log I get:

018/04/03 16:45:39.47 kernel SSL or Crypto Error Info: psn 388, vsn 23, sockp 000000002B628000 error id 302, severity -2, provider id 0.
00:0006:00000:00029:2018/04/03 16:45:39.47 kernel SSL or Crypto Error Message: 'The SSL handshake failed. Root error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number'.

OS: Windows 2012 R2
ASE:

Adaptive Server Enterprise/16.0 SP02 PL07/EBF 27572 SMP/P/X64/Windows Server/ase160sp02plx/0/64-bit/FBO/Tue Dec 19 22:17:07 2017

Any ideas ?

Regards,
Rainer

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

3 Answers

Ryan Hansen
Apr 04 at 03:19 PM
0

Hi,

Have you set the public ssl certificate in ASE cockpit?
Should have to add this certificate to $SYBASE/COCKPIT-4/services/EmbeddedWebContainer/cacerts
Password is changeit by default.

Regards,
Ryan

Share
10 |10000 characters needed characters left characters exceeded
Rainer Buchwald Apr 10 at 08:01 AM
0

Hi Ryan,

thanks for the hint.
Since I'm new to ASE I did not know exactly how to add the certificate.
I looked around and found the keytool utilitiy, located in %SYBASE%\jre64\bin.
I used this to add the certificate to the cacerts keystore.

G:\sybase\VTE\jre64\bin\keytool.exe -importcert -file G:\sybase\VTE\ASE-16_0\certificates\VTE.crt -keystore cacerts -storepass changeit

Got back some info about certificate and finally:

Trust this certificate? [no]: yes
Certificate was added to keystore

After that restarted ASE and Cockpit Service.
Same error as above (including log file content).

Best,

Rainer

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Hi,

I did see this error before:
https://archive.sap.com/discussions/thread/3845555

Is your internet explorer / computer setup to accept tls1, 1.1, sslv3?

KBA# 2441404 - how to setup cockpit and ssl


Regards,
Ryan

0
Rainer Buchwald Apr 13 at 12:22 PM
0

Hi Ryan,

I have the suspicion, that ths has been misunderstood in serveral ways. First my action described in the previous post were wrong and could not have led to a solution(importing server Certificate in Cockpit keystore).

Reading note 2441404 I guess you meant getting SSL to work between client browser and ASE Cockpit.
My problem however is the failing login whenever SSL connection on ASE Server is enabled (enable_ssl = 1).
Unless SSL connection from browser is necessary to make SSL connect from Cockpit to server work(which I do not see necessary).
Ok, I admit I do not understand a lot about the SSL feature of ASE.

Maybe you can give me some further advice.

Regards,
Rainer

Share
10 |10000 characters needed characters left characters exceeded