cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
maximilianhense
Level 4

Failing to setup SSL Communication within FNE C SDK

Hi all,

I am trying to setup SSL communication within the FNE-SDK for C on Windows.

I use the latest CapabilityRequest.c example and downloaded the right certificates from the FNO-Server.

If I compile and run the example, I receive this error:

ERROR: talking to server: [1,7e3,b,0[74000008,3c,10060221]] Generic communications error.
[1,7e3,b,0[75000001,60,3001025c]] General data transfer failure. SSL peer certificate or SSH remote key was not OK

This is my code:

{
FlcBool rc = FLC_TRUE;
FlcCommRef commInterface = 0;
FlcChar url[512] = {0};

if (!FlcCommCreate(&commInterface, error))
{
DisplayErrorString(_T("creating communications interface"), error);
return FLC_FALSE;
}
rc = FlcCommSetProxyAutoDetect(commInterface, FLC_TRUE, error);

rc = FlcCommSetSSLCertificatePath(commInterface, "*Path to CERT*\\cert.pem", error);

TCharToFlcChar(targetUrl, url, sizeof(url));
rc = FlcCommSetServer(commInterface, url, error) &&
FlcCommSendBinaryMessage(commInterface, (void *)request, requestSize, (void **)response, responseSize, error);
(void)FlcCommDelete(&commInterface, 0);
return rc;
}

Has anyone an idea to fix this? 

Best regards,

Max

0 Kudos
(9) Replies
ejohnson1
Flexera Alumni

Hi @maximilianhense ,

Take a look at this KB, which looks similar to the problem and error you posted:

https://community.flexera.com/t5/FlexNet-Embedded-Knowledge-Base/Certificate-Authentication-problem/ta-p/990

Best Regards.

Hi Eric, 

thank you for your answer! I've allready tried this solution. But that's not the problem.

 

Best regards,

Max

0 Kudos

Hi Max,

Does the default trusted (PEM) certificate  provided with the SDK exhibit the same problem?

Cert: DigiCertGlobalRootCA.pem

Location: flexnet_client-xt-c-x64_windows-2019.04.0\thirdparty\ssl_certs

Best Regards,

Eric

0 Kudos

Hi Eric,

it works with an UAT-Cloud-Instance but not with the On-Prem version.

Best regards,

Max

0 Kudos

Hi Max,

It really seems to come down to the certificate authentication.  Would you agree?

Is it feasible to generate a new certificate?

Thanks,

Eric

0 Kudos

Hi Eric,

should the "DigiCertGlobalRootCA.pem" also work for self hosted on prem versions?

 

Best regards,

Max

0 Kudos

Hi Max,

The provided certificate, "DigiCertGlobalRootCA.pem", identifies FlexNet Operations hosted platform for all Flexera FNO-Cloud customers.

It would similar to you taking my passport (identity) and attempting to travel with it, which is not valid for you and ticketing, passport control or flight check-in would spot it.

Once self-hosted, certificate responsibility is beyond Flexera.

Best Regards,

Eric

0 Kudos

I'll investigate more Max. 

That's how I understand it with certificates / trust and entity hosting (flexera or self).

0 Kudos

Hi Eric,

thank's for your explanation.

I will talk to my customer to clearify if there is a way to get new certificates.

Best regards,

Max

0 Kudos