cancel
Showing results for 
Search instead for 
Did you mean: 

Certificate is for agentry server (generic)

Former Member
0 Kudos
84

Hi,

I have installed smp2.3 and was able to connect to WM6 server using the WPF client.   However,  if i tried to use the ATE to connect to the server i get the following error message below....

Requesting public key from server...

Connect to server "SYCLO', cerfificate is for 'Agentry Server (Generic)', so

Communications error (14)

Connection failed

Ending transmission

How do I correct it?

Thanks.


Accepted Solutions (1)

Accepted Solutions (1)

bill_froelich
Product and Topic Expert
Product and Topic Expert
0 Kudos

What service pack / patch level versions are you using of SMP 2.3?

I would recommend going to the latest SP04 stuff.

You will need to generate a certificate for your Agentry server (check the docs for details) that will then need to be installed on the clients to authenticate the Agentry server when connecting.  The error you received is because the server name you entered SYCLO didn't match the certifiate on the Agentry Server "Agentry Server (Generic)" so you will need to generate the appropriate one.

--Bill

Former Member
0 Kudos

Hi Bill,

I am not on any service packs at all (even though we should be on SP04 but right now I am just trying to get things rolling with the current version for demonstration).  I installed the SMP2.3 and WM 6.0 and was able to sync to it using the WPF client.   However, for the ATE, iOS and Android I understand that a .sst file needs to be generated using OpenSSL?

It is a bit painful but can you provide details/steps lets say how to get the iOS client to properly communicate with SMP2.3 then Android?

Thanks,

-Thomas

bill_froelich
Product and Topic Expert
Product and Topic Expert
0 Kudos

Thomas,


I really think you should upgrade to the SP04 first as there were some mid-stream changes on how the clients authenticate.  The use of the .sst file has actually gone away and is replaced with certificate authentication now implemented in all the client on SMP 2.3 and 3.0.


The documentation for the certificate creation is at

Authentication Certificates


I followed the steps for creating a self-signed certificate.  I took the resulting .pfx file and copied it to my ServerDev directory and edited my Agentry.ini to point to my new .pfx file.


[ANGEL Front End]
authenticationCertificateStore=mynewhostcert.pfx
authenticationCertificateStorePassword=abc123
authenticationCertificateStorePasswordEncoded=false


I also took the .cer file (the copy of the .pem) and double clicked on it to install it to my Trusted Root Certificate Authorties store on my PC so my win32 client would connect.

The same .cer file can be installed on iOS as well to allow the 6.1.3.10212 (from the iOS app store) to also connect.  To install on iOS I find it easiest to just email the .cer file to myself ignoring the Exchange warning and then opening from the email on the device.

The process is similar for Android.  Copy the .cer file to your Android device and the install from Settings -> Security -> Install from Phone Storage.  After it installs you can verify it shows under Settings -> Security -> Trusted Credentials -> User.

Using this process I was able to get win32, android and iOS clients to all connect to my Agentry 6.1 server.

Good Luck!

--Bill

Former Member
0 Kudos

Hi Bill,

Thanks for the great detail information.   Based on your reply,  if i bring my SMP2.3 up to SP04, I still need to perform the Authentication Certificate Creation described above in your email correct!?

Thanks.

bill_froelich
Product and Topic Expert
Product and Topic Expert
0 Kudos

Correct, you will need to perform the certificate creation for SP04.

--Bill

Former Member
0 Kudos

Hi Bill,

I followed your steps and created self-signed certificate for SP04. 


1) ATE can connect to server.


2) Windows 8 tablet can connect to server.


3) iOS and Android Clients gives "Unable to resolve host" error if enter Server Name (e.g VKTVMSP04) as server.

     If i enter Ip address of server (e.g 192.168.12.128) , it gives "SSL invalid chain " error.


I edited Agentry.ini file like this;

[ANGEL Front End]

trustedCertificateStore=VKTVMSP04.cer

authenticationCertificateStore=VKTVMSP04.pfx

authenticationCertificateStorePassword=vektora1

authenticationCertificateStorePasswordEncoded=false

authenticateClient=true

timeout=300

keepAliveTime=60


Former Member
0 Kudos

Hi Bill,

Following your instructions I was able to get all the clients connect to SMP2.3.   So thank you!!! However,  it took us several tries before we can figure out where the issue was.    The issue is that the Certificate Creation process is so generic on Sybase site (http://infocenter.sybase.com/help/index.jsp?topic=/com.sybase.infocenter.dc01930.0234/doc/html/fre13...) since it doesn't really tell you that when you run the command you need to put in the actual fully qualified name of the server (i.e. syclo.xxx.local).    So we kept getting errors when we're trying to sync,  finally figured it out after several tries.

Is there a detail documentation on this because if the customers try to do this themselves I am sure they will have one heck of a time figuring this out.

Also, how do you verfiy if SP04 is correctly install or installed in SMP2.3?   Can you tell by using SCC?   Below is the screenshot under the About menu in SCC but it doesn't say anything about SP04!?

-Thomas

Former Member
0 Kudos

Hi Thomas,

Can you give some detail about  "fully qualified name of the server "  please?  Did you use this name when you create self-signed certificate?

Thanks

Former Member
0 Kudos

Hi Serkan,

Go to Control Panel -> System and what is shown under "Full Computer Name" is what you want to type in during the server prompt when creating your certificate.

-Thomas

bill_froelich
Product and Topic Expert
Product and Topic Expert
0 Kudos

Serkan,

The unable to resolve host error indicates that the DNS name resolution your iOS and Android devices are using is unable to determine the IP address associated to the VKTVMSP04 server.  You may need to look at either generating the certificate using the fully qualified host name or working with your IT group to so the Android and iOS clients can resolve the hostname you used to build your certificate.

--Bill

Former Member
0 Kudos

Thomas,

To check if you have SP04 installed by going to "localhost@locahost" then clicking on the "Product Information Tab.


In the Version column it should say "2.3.4.0"

Stephen

Answers (0)