Error during SSL connection from version 15.2.0 onwards

The official build of version 15.2.0 unfortunately contains an error that occurs when an SSL certificate is used on the Enterprise Server. If you are having trouble connecting to your server over SSL in version 15.2.0, first install the latest update, 15.2.1, of both the Enterprise Server and the client. You can find the latest builds on our website; please download and install them:

Enterprise Server & Corporate client 15.2.1

Normal client 15.2.1

Hint: Before changing any settings, make sure to install the latest version 15.2.1; otherwise, the changes will have no effect.

Concerning version 15.2.0 (or higher) and the use of an SSL certificate on the server, please also note the following:

1. The new version 15.2.0 (or higher) uses an upgraded transfer protocol with no backward compatibility. This means that all Password Depot clients and Server Managers must also be updated to version 15.2.0 or higher. Our mobile apps are also available for download from the Google Play Store or App Store respectively. Please make sure to update all editions to the latest version.

2. The server now uses OpenSSL 1.1.1.j with TLS 1.3. Currently, only server certificates in the PEM format are supported. We have implemented an automatic conversion of your installed PFX or CRT certificates to the PEM format, which may require an additional restart of the Password Depot Server after the first run. If the server still cannot load the SSL certificate after the restart, please convert your existing certificate into the PEM format manually.

To convert a PFX certificate into PEM, for example, please use this command line:

openssl.exe pkcs12 -in <SOURCE_FILE_PFX> -out <TARGET_FILE_PEM>

and enter the passwords when prompted.

When you try to connect to the server afterwards, you may get a message as follows:

[Screenshot: certificate verification message]

The screenshot is in German; it says that the certificate cannot be verified and that no error was found. Please select "Zertifikat anzeigen" (Show certificate). Afterwards, the following dialog window should be displayed:

[Screenshot: certificate dialog with the "Zertifikat installieren" button]

Select "Zertifikat installieren" (install certificate) and continue in order to finish the installation process.

Please note that all clients on Windows should install the certificate as trusted if the certificate has been converted. However, this is not required in iOS or Android.

So, the correct procedure is as follows:

1. Clients

If your clients get the message about the unknown certificate:
a) Please make sure to use the latest client version 15.2.1.
b) In the client, click "Zertifikat anzeigen" and install the certificate into the "My Certificates" storage.
 
2. Enterprise Server
 
Converting on the server:
 
The server can convert CRT or PFX certificates automatically. If this does not work after the first start, open the Server Manager and reassign all the certificates and password-related settings.
 
If you need to convert your non-standard certificate manually, you do not need to install OpenSSL. All required files are already in the PD Server program directory.
 
Example:
 
If you have a certificate with the name "zert.pfx", then:
 
a) Copy it into the server program directory (C:\Program Files\AceBIT\Password Depot Server 15\).
b) Open a command window (press Win+R and type cmd.exe).
c) Change the current directory: cd C:\Program Files\AceBIT\Password Depot Server 15\
d) Execute openssl.exe pkcs12 -in zert.pfx -out zert.pem and enter the passwords when prompted.
e) If the private key is stored in a different file, repeat the same steps for the key file.
f) Start the Server Manager and activate SSL with the obtained .pem file(s), e.g. zert.pem.
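
Before step f), the converted file can be checked so that a missing or mismatched private key is caught before the server tries to load it. The following PowerShell script is an added example, not vendor code. It assumes it is run from the server program directory of the example above, that the bundled openssl.exe provides the standard x509 and pkey subcommands, and that the server certificate is the first certificate in zert.pem.

```powershell
# Added example (not vendor code): sanity-check zert.pem before assigning it
# in the Server Manager. File names follow the article's example.
$ErrorActionPreference = 'Stop'
$openssl = '.\openssl.exe'   # assumption: the bundled binary is the full openssl CLI
$certPem = '.\zert.pem'
$keyPem  = $certPem          # set to the second .pem if the key was converted separately (step e)

# 1. Structure: at least one certificate block and one private key block must exist.
$certBlocks = @(Select-String -Path $certPem -Pattern '^-----BEGIN CERTIFICATE-----')
$keyBlocks  = @(Select-String -Path $keyPem  -Pattern '^-----BEGIN (ENCRYPTED |RSA |EC )?PRIVATE KEY-----')
if ($certBlocks.Count -eq 0) { throw "No certificate found in $certPem" }
if ($keyBlocks.Count  -eq 0) { throw "No private key found in $keyPem" }
"Certificates in file : $($certBlocks.Count)"
"Private key header   : $($keyBlocks[0].Line)"

# 2. Subject, issuer and expiry date of the first certificate in the file.
& $openssl x509 -in $certPem -noout -subject -issuer -enddate
& $openssl x509 -in $certPem -noout -checkend 0 | Out-Null
if ($LASTEXITCODE -ne 0) { throw "The certificate in $certPem has expired" }

# 3. The private key must belong to the certificate: compare both public keys.
#    openssl asks for the PEM pass phrase here if the key block is encrypted.
$certPub = (& $openssl x509 -in $certPem -noout -pubkey) -join "`n"
$keyPub  = (& $openssl pkey -in $keyPem -pubout) -join "`n"
if ([string]::IsNullOrWhiteSpace($keyPub)) { throw "Could not read the private key in $keyPem" }
if ($certPub -ne $keyPub) { throw "Private key does not match the certificate" }
"OK: private key matches the certificate"
```

If step 3 fails although the right key was used, the first certificate in the file may be a CA certificate rather than the server certificate.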