Visitor II
September 11, 2018
Question

SPWF04 - TLS anonymous negotiation

  • 14 replies

On the SPWF01 module TLS anonymous negotiation was possible (i.e. no client copy of the server certificate required). Is this possible on the SPWF04? The documentation alludes to anonymous negotiation in AN4963 Section 1.1 - TLS sub Protocols on page 8, but I can't seem to find any way to make this happen without putting a root CA certificate on the client. Any help would be much appreciated as it would save me a lot of time to create a CA cert and load onto each client module.

Thanks....

    14 replies

    Visitor II
    September 13, 2018

    I did get google.com to work! So this has everything to do with the cert we are using on our server...

    Visitor II
    September 13, 2018

    It appears that our self-signed certificate originating from our server does not have the subject key identifier extensions on it. This must be the problem and explains why we are getting basic constraints errors....

    Visitor II
    September 14, 2018

    Elio,

    Any suggestions on dealing with a "certificate error:17"? The manual says: "Basic constraints are not good". We are using self-signed certs...

    Visitor II
    September 20, 2018

    Hello Seth,

    "certificate error:17" usually means that the CA certificate does not contain the Basic Constraints extension or the CA flag is not set in the extension.

    The AN4963 contains examples on how to generate keys/certificates and how to inspect them.

    Regards,

    Elio
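
The reply above gives two possible causes for error 17: the CA certificate has no Basic Constraints extension, or the extension is present but the CA flag is not set. As an added example (not from the thread or from AN4963), this standard-library Python checker walks a certificate's DER encoding and reports which case applies; the sample inputs are constructed extension fragments, and `check_pem` assumes a PEM file path that you supply.

```python
import ssl

BASIC_CONSTRAINTS = (0x06, bytes.fromhex("551d13"))  # OID 2.5.29.19
TRUE = (0x01, b"\xff")                                # DER BOOLEAN TRUE
# Constructed samples: the [3] extensions field of a certificate, nothing else.
SAMPLES = {
    "ca_true": bytes.fromhex("a3133011300f0603551d130101ff040530030101ff"),
    "ca_false": bytes.fromhex("a30d300b30090603551d1304023000"),
    "ski_only": bytes.fromhex("a311300f300d0603551d0e04060404deadbeef"),
}

def children(content):
    """Split DER content into a list of (tag, body) elements."""
    out, pos = [], 0
    while pos < len(content):
        if pos + 2 > len(content):
            raise ValueError("truncated DER header")
        tag, length = content[pos], content[pos + 1]
        pos += 2
        if length & 0x80:              # long form: low 7 bits count the length bytes
            n = length & 0x7F
            length = int.from_bytes(content[pos:pos + n], "big")
            pos += n
        if pos + length > len(content):
            raise ValueError("truncated DER element")
        out.append((tag, content[pos:pos + length]))
        pos += length
    return out

def basic_constraints(der):
    """Return 'CA:TRUE', 'CA:FALSE' or 'missing' for DER certificate bytes."""
    stack = [der]
    while stack:
        for tag, body in children(stack.pop()):
            if not tag & 0x20:         # primitive element, nothing nested to walk
                continue
            kids = children(body)
            if tag == 0x30 and kids and kids[0] == BASIC_CONSTRAINTS:
                # Extension ::= SEQUENCE { extnID, critical DEFAULT FALSE, extnValue }
                # extnValue: OCTET STRING wrapping SEQUENCE { cA DEFAULT FALSE, ... }
                (_, fields), = children(kids[-1][1])
                return "CA:TRUE" if TRUE in children(fields) else "CA:FALSE"
            stack.append(body)
    return "missing"

def check_pem(path):
    """Check a PEM certificate file (path is supplied by the caller)."""
    with open(path) as f:
        return basic_constraints(ssl.PEM_cert_to_DER_cert(f.read()))
```

Because DER omits fields that hold their default value, a certificate with `CA:FALSE` carries an empty Basic Constraints sequence, which is why the checker reports it separately from a missing extension.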