AnsweredAssumed Answered

Problems with ssl and commandserver in Authentication Manager 8.1

Question asked by Niklas Pettersson on Nov 18, 2016

 Hi, I am having problems with ssl and Authentication Manager 8.1. We are trying to migrate an installation of Authentication Manager 7.1 to virtual appliance 8.1. In doing so i have set up a hyper-v image of 8.1 sp1 and patched it to patch level 15. I have migrated 7.1 and have installed the root certifikat in "trusted" on the host windows server. I have an integration based on the 8.1 sdk calling the command server in the virtual appliance, from the host windows server 2008 r2. In my test environment, this works fine. But in the production environment i get the below error from the .net program:

 

System.Net.WebExceptionThe request was aborted: Could not create SSL/TLS secure channel

 

In the eventlog I se the below:

=======

Eventsource: schannel

Error code: 36887

Message: The following fatal alert was received: 47.

======

 

I have looked this up, and in the schannel.h the error 47 translates to: TLS1_ALERT_ILLEGAL_PARAMETER In addition. the browser IE8 can not reach the commandserver but I can reach it with firefox (version 35 since later vesions also gives the Illegal parameter error) This is supposidly fixed in a later patch but I have not verified this after patch 15 was installed. Can you please assist by providing information how to analyze and fix this? I hav tried to use the troubleshooting logs to no use, and searche your forums and the rest of the internet. Nothing leads to a solution.

 

The facts in short:

SSL problem with Authentication Manager 8.1 In .Net 4.0 application:

Calling https://server.domain.local:7002/ims-ws/services/CommandServer From the .net program

results in:

- System.Net.WebExceptionThe request was aborted: Could not create SSL/TLS secure channel.

Eventlog error message:

Eventsource: schannel

Error code: 36887

Message: The following fatal alert was received: 47.

Translation TLS1_ALERT_ILLEGAL_PARAMETER

hosting os: windows 2008 r2

Virtual appliance: rsa authentication server 8.1.1.15.0

SDK: rsa sdk 8.1

 

Any help in troubleshooting this error would be highly appreciated.

Best regards, Niklas

Outcomes