TN and SSL

nancymathew · January 20, 2005, 10:34pm

Hi,

We are trying to setup delivery to TP using Primary https. We are getting the following error:

Delivery service for 50ia0p0v068g00uk000000g9 failed with a status of fail and status message of com.wm.app.b2b.server.ServiceException: java.io.IOException: java.net.ConnectException: Connection timed out: connect

We want to confirm if what we are doing is correct:

Imported Partners Public Key into IS
Placed the CA Certificate of the TP on IS
In the profile of the TP, used Primary https delivery method
Used the TP’s public cert and CA Cert in the encrypt tab of security in TNC.

What are we missing or doing incorrect? We have checked http posting. It works

raymoser · January 20, 2005, 11:30pm

You may want to check your fire wall to make sure that the port is mapped all the way through.

Ray

nancymathew · January 20, 2005, 11:49pm

Yes it is confirmed. Also, the certificate of the TN has a mismatch of name on site and certificate. I remember there is a setting which connects even if there are expired chains. Is there a setting to ignore the mismatch. Could this be the reason?

Also, I assume since you didn’t mention we haven’t missed any step from WM point of view?

raymoser · January 21, 2005, 12:13am

The TN certificate should match. Otherwise, why bother to use certificates at all?

One thing you can do is bump up the logging level to see MORE information so you can get the specifics if necessary.

Ray

nancymathew · January 21, 2005, 12:29am

We synched up the names. Yet problem persists. I will bump up the logging and see whats going on.

raymoser · January 21, 2005, 12:40am

You may need to restart the server to get the changes to take affect.

Ray

nancymathew · January 21, 2005, 1:12am

Didn’t work…Still timesout. Didn;t get any clue thru error logs either.

taro1 · January 26, 2005, 2:03am

As Ray mentioned, make sure that your firewall is open to go out. Also, the firewall (if any) on your partner’s side is allowing external connections (from your IP - if IP restricted). Try to accessing the URL using the browser.

~tS

nancymathew · January 26, 2005, 5:28am

I created the profile again and it worked. I am guessing some typo must have caused the issue.

Seems the following are the causes for timeouts:

Misspelt Site
Wrong Port
Wrong Certificate
Firewall not letting you through.

If the site opens up in the browser we can eliminate the Option 4.