Archived Forum Post

Question:

The problem with certificate

May 08 '13 at 15:33

Hello, I ran into a problem with the certificate when communicating with the health portal. If the QCA or VCA certificate is not imported into the Windows store and I use a PFX file, communication with the portal works without a problem. If I want to use a certificate from the store, or if I use a PFX file while the certificate is in the Windows store, communication ends with error 10054 (existing connection was forcibly closed by the remote host). Where do I find the bug? Thanks for the advice.

J. Bureš


Answer

It's impossible to say without more information.

My guess is that you're trying to use a client certificate (i.e. two-way SSL/TLS) with the connection so that the server can authenticate you. If not using the latest version of Chilkat, make sure to update because over the years issues relating to this may have been fixed.

Usually, a "connection forcibly closed" error in conjunction with using client-side certificates in SSL/TLS indicates that an invalid certificate was used, or maybe something was wrong with the communications. Test using the latest version of Chilkat. Also, post the LastErrorText captured after whatever method call fails.


Answer

I tested it on the latest version (9.4.0). I enclose a list of the log.

ChilkatLog:
  SynchronousRequest:
    DllDate: Dec 12 2012
    UnlockPrefix: 30277129240
    Username: PC:Bures
    Architecture: Little Endian; 32-bit
    Language: ActiveX
    VerboseLogging: 1
    domain: https://simu.b2b.vzp.cz
    port: 443
    ssl: 1
    RequestData:
      HttpVersion: 1.1
      Verb: POST
      Path: /B2BProxy/HttpProxy/SIMUstavPojisteniB2B
      Charset: windows-1250
      SendCharset: 0
      MimeHeader:
        Content-Type: text/xml
        soapAction: "process"
    --RequestData
    ReadTimeout: 20
    ConnectTimeout: 10
    RequestData:
      HttpVersion: 1.1
      Verb: POST
      Path: /B2BProxy/HttpProxy/SIMUstavPojisteniB2B
      Charset: windows-1250
      SendCharset: 0
      MimeHeader:
        Content-Type: text/xml
        soapAction: "process"
    --RequestData
    HttpOptions:
      Accept: /
      AcceptCharset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
      AcceptLanguage: en-us,en;q=0.5
      AddHostHeader: 1
      AllowCookieResponseCaching: 0
      AllowGzip: 1
      ConnectionHeader: Keep-Alive
      ConnectTimeoutSec: 10
      CookieDir:
      DigestAuth: 0
      FollowRedirects: 1
      HeartbeatMs: 0
      HttpMethod:
      Login:
      LoginDomain:
      MaxResponseSize: 0
      MaxUrlLen: 2000
      MimicFirefox: 0
      MimicIE: 0
      NegotiateAuth: 0
      NTLMAuth: 0
      PasswordLen: 0
      ProxyHostname:
      ProxyLogin:
      ProxyLogin:
      ProxyAuthDomain:
      ProxyPasswordLen: 0
      ProxyPort: 80
      ReadTimeoutSec: 20
      Referer:
      RequiredContentType:
      ResumePoint: 0
      SaveCookies: 1
      SendBufferSize: 65535
      SendCookies: 1
      SslProtocol: TLS 1.0
      UnavailableRetryCount: 0
      UnavailableRetryWaitMs: 2000
      UserAgent: Chilkat/1.0.0 (+http://www.chilkatsoft.com/ChilkatHttpUA.asp)
    --HttpOptions
    httpConnect:
      hostname: simu.b2b.vzp.cz
      port: 443
      ssl: 1
      Need to establish connection to the HTTP server...
      ConnectTimeoutMs_1: 10000
      calling ConnectSocket2
      IPV6 enabled connect with NO heartbeat.
      connectingTo: simu.b2b.vzp.cz
      resolveHostname1:
        dnsCacheLookup: simu.b2b.vzp.cz
        Resolving domain name (IPV4)
      --resolveHostname1
      GetHostByNameHB_ipv4: Elapsed time: 16 millisec
      myIP_1: 192.168.1.109
      myPort_1: 57328
      connect successful (1)
      clientHelloMajorMinorVersion: 3.1
      buildClientHello:
        majorVersion: 3
        minorVersion: 1
        numRandomBytes: 32
        sessionIdSize: 0
        numCipherSuites: 10
        numCompressionMethods: 1
      --buildClientHello
      readIncomingTls_serverHello:
        processTlsRecord:
          processHandshake:
            handshakeMessageType: ServerHello
            handshakeMessageLen: 0x46
            processHandshakeMessage:
              MessageType: ServerHello
              Processing ServerHello...
              ServerHello:
                MajorVersion: 3
                MinorVersion: 1
                SessionIdLen: 32
                CipherSuite: RSA_WITH_RC4_128_SHA
                CipherSuite: 00,05
                CompressionMethod: 0
                Queueing ServerHello message.
                ServerHello is OK.
              --ServerHello
            --processHandshakeMessage
          --processHandshake
        --processTlsRecord
      --readIncomingTls_serverHello
      HandshakeQueue:
        MessageType: ServerHello
      --HandshakeQueue
      Dequeued ServerHello message.
      readIncomingTls_6:
        processTlsRecord:
          processHandshake:
            handshakeMessageType: Certificate
            handshakeMessageLen: 0x8d7
            processHandshakeMessage:
              MessageType: Certificate
              ProcessCertificates:
                Certificate:
                  derSize: 1184
                  certSubjectCN: simu.b2b.vzp.cz
                  certSerial: 1BA2A9
                  certIssuerCN: I.CA - Standard Certification Authority, 09/2009
                --Certificate
                Certificate:
                  derSize: 1070
                  certSubjectCN: I.CA - Standard Certification Authority, 09/2009
                  certSerial: 16E360
                  certIssuerCN: I.CA - Standard Certification Authority, 09/2009
                --Certificate
                NumCertificates: 2
                Queueing Certificates message...
              --ProcessCertificates
            --processHandshakeMessage
          --processHandshake
        --processTlsRecord
      --readIncomingTls_6
      Dequeued Certificate message.
      readIncomingTls_6:
        processTlsRecord:
          processHandshake:
            handshakeMessageType: CertificateRequest
            handshakeMessageLen: 0xe59
            processHandshakeMessage:
              MessageType: CertificateRequest
              CertificateRequest:
                NumCertificateTypes: 1
                Certificate Type: RSA Sign
                totalLen: 3669
                DistinguishedName: C=CZ, O=Vseobecna zdravotni pojistovna Ceske republiky, CN=VZP-Root-CA
                DistinguishedName: C=CZ, O=Vseobecna zdravotni pojistovna Ceske republiky, CN=VZP-Policy-CA
                DistinguishedName: C=CZ, O=Vseobecna zdravotni pojistovna Ceske republiky, CN=VZP-Intranet-CA
                DistinguishedName: C=CZ, O=eIdentity a.s., OU=Akreditovaný poskytovatel certifikačních služeb, L="Vinohradská 184/2396, 130 00, Praha 3", CN=CCAeID2 - Commercial Certificate Authority (kvalifikovaný systémový certifikát komerční CA)
                DistinguishedName: C=CZ, O=eIdentity a.s., OU=Akreditovaný poskytovatel certifikačních služeb, L="Vinohradská 184, 130 00, Praha 3", CN=CCAeID - Commercial Certificate Authority (certifikát komerční certifikační autority)
                DistinguishedName: C=CZ, O=eIdentity a.s., OU=Akreditovaný poskytovatel certifikačních služeb, L="Vinohradská 184, 130 00, Praha 3", CN=ACAeID - Qualified Root Certificate (kvalifikovaný systémový certifikát kořenové CA)
                DistinguishedName: C=CZ, O=eIdentity a.s., OU=Akreditovaný poskytovatel certifikačních služeb, L="Vinohradská 184/2396, 130 00, Praha 3", CN=ACAeID2 - Qualified Issuing Certificate (kvalifikovaný systémový certifikát vydávající CA)
                DistinguishedName: C=CZ, O=eIdentity a.s., OU=Akreditovaný poskytovatel certifikačních služeb, L="Vinohradská 184/2396, 130 00, Praha 3", CN=ACAeID2 - Qualified Root Certificate (kvalifikovaný systémový certifikát kořenové CA)
                DistinguishedName: DC=cz, DC=gemsystem, DC=office, CN=CAGemTest
                DistinguishedName: C=CZ, CN="I.CA - Qualified Certification Authority, 09/2009", O="První certifikační autorita, a.s.", OU=I.CA - Accredited Provider of Certification Services
                DistinguishedName: C=CZ, CN=I.CA - Qualified root certificate, O="První certifikační autorita, a.s."
                DistinguishedName: C=CZ, CN="I.CA - Standard Certification Authority, 09/2009", O="První certifikační autorita, a.s.", OU=I.CA - Provider of Certification Services
                DistinguishedName: C=CZ, CN=I.CA - Standard root certificate, O=Prvni certifikacni autorita a.s.
                DistinguishedName: C=CZ, O=Komercni banka, OU=Sprava PKI, CN=Certifikacni autorita KB
                DistinguishedName: C=CZ, O=Komercni banka, OU=KB PKI Executive, CN=DCS CA KB
                DistinguishedName: C=CZ, O=Komercni banka, OU=Direct Channel Systems, CN=ROOT CA KB
                DistinguishedName: C=CZ, O="Česká pošta, s.p. [IČ 47114983]", CN=PostSignum Public CA
                DistinguishedName: C=CZ, O="Česká pošta, s.p. [IČ 47114983]", CN=PostSignum Public CA 2
                DistinguishedName: C=CZ, O="Česká pošta, s.p. [IČ 47114983]", CN=PostSignum Qualified CA
                DistinguishedName: C=CZ, O="Česká pošta, s.p. [IČ 47114983]", CN=PostSignum Qualified CA 2
                DistinguishedName: C=CZ, O="Česká pošta, s.p. [IČ 47114983]", CN=PostSignum Root QCA
                DistinguishedName: C=CZ, O="Česká pošta, s.p. [IČ 47114983]", CN=PostSignum Root QCA 2
                DistinguishedName: CN=VZP-CR-Portal-CA
                DistinguishedName: E=rootCA@vzp.cz, C=CZ, O=VZP, OU=CA, CN=VZP CR Root CA
                DistinguishedName: E=subCA@vzp.cz, C=CZ, O=VZP, OU=CA-W3K, CN=VZP CR Subordinate CA
                DistinguishedName: CN=MZ CR Root CA
                DistinguishedName: CN=SUKL Intermediate CA
                DistinguishedName: CN=SUKL Services CA
                DistinguishedName: C=CZ, O=Komercni banka, OU=KB PKI Executive, CN=DCS CA KB
                DistinguishedName: C=CZ, L=Praha, O=SZR CR, CN=ROOT CA SZR
                DistinguishedName: C=CZ, L=Praha, O=SZR CR, CN=ISZR AIS CA
                NumDistinguishedNames: 31
                CertificateRequest message is OK.
                Queueing CertificateRequest message.
              --CertificateRequest
            --processHandshakeMessage
          --processHandshake
        --processTlsRecord
      --readIncomingTls_6
      Dequeued CertificateRequest message.
      readIncomingTls_6:
        processTlsRecord:
          processHandshake:
            handshakeMessageType: ServerHelloDone
            handshakeMessageLen: 0x0
            processHandshakeMessage:
              MessageType: ServerHelloDone
              Queueing HelloDone message.
            --processHandshakeMessage
          --processHandshake
        --processTlsRecord
      --readIncomingTls_6
      DequeuedMessageType: ServerHelloDone
      OK to ServerHelloDone!
      Sending 0-length certificate (this is normal).
      CertificatesMessage:
        numCerts: 0
        CertificateSize: 0x3
      --CertificatesMessage
      Encrypted pre-master secret with server certificate RSA public key is OK.
      Sending ClientKeyExchange...
      Sent ClientKeyExchange message.
      Sending ChangeCipherSpec...
      Sent ChangeCipherSpec message.
      Derived keys.
      Installed new outgoing security params.
      Sending FINISHED message..
      algorithm: arc4
      keyLength: 128
      Sent FINISHED message..
      readIncomingTls_changeCipherSpec2:
        readTlsRecord:
          WindowsError: Stvajc pipojen bylo vynucen ukoneno vzdlenm hostitelem.
          WindowsErrorCode: 0x2746
          numBytesRequested: 5
          Failed to receive data on the TCP socket
          Failed to read beginning of SSL/TLS record.
        --readTlsRecord
      --readIncomingTls_changeCipherSpec2
      Failed to read incoming handshake messages. (3)
      Client handshake failed. (3)
      Failed to connect.
    --httpConnect
    connectTime1: Elapsed time: 63 millisec
    totalTime: Elapsed time: 63 millisec
    Failed.
  --SynchronousRequest
--ChilkatLog
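
Added example (not part of the original thread and not Chilkat code): a small triage script for a log like the one above, which flags a handshake where the server sent a CertificateRequest, the client answered with zero certificates, and the peer then reset the connection. The function names are this example's own, the sample log is a constructed, abridged excerpt, and the parser assumes the log is available with one entry per line.

```python
import re

# Constructed, abridged excerpt reusing field names and DNs from the log above.
SAMPLE_LOG = """\
CertificateRequest:
  NumCertificateTypes: 1
  DistinguishedName: C=CZ, O="Česká pošta, s.p. [IČ 47114983]", CN=PostSignum Qualified CA 2
  DistinguishedName: C=CZ, CN="I.CA - Qualified Certification Authority, 09/2009", O="První certifikační autorita, a.s."
  DistinguishedName: CN=VZP-CR-Portal-CA
  NumDistinguishedNames: 3
--CertificateRequest
Sending 0-length certificate (this is normal).
CertificatesMessage:
  numCerts: 0
--CertificatesMessage
WindowsErrorCode: 0x2746
"""

WSAECONNRESET = 10054  # 0x2746, "connection forcibly closed by the remote host"

def acceptable_issuer_cns(log):
    """Return the CN of every CA the server listed in its CertificateRequest."""
    cns = []
    for dn in re.findall(r"^\s*DistinguishedName:\s*(.+)$", log, re.M):
        # The CN value may be quoted (it can contain commas) or bare.
        m = re.search(r'(?:^|,\s*)CN=(?:"([^"]*)"|([^,]*))', dn)
        if m:
            cn = m.group(1) if m.group(1) is not None else m.group(2)
            cns.append(cn.strip())
    return cns

def diagnose(log, client_issuer_cn=None):
    """List findings; client_issuer_cn is the issuer CN of the cert you meant to send."""
    findings = []
    sent = re.search(r"numCerts:\s*(\d+)", log)
    if "CertificateRequest:" in log and sent and int(sent.group(1)) == 0:
        findings.append("server requested a client certificate but none was sent")
    err = re.search(r"WindowsErrorCode:\s*0x([0-9a-fA-F]+)", log)
    if err and int(err.group(1), 16) == WSAECONNRESET:
        findings.append("peer reset the connection (WSAECONNRESET, 10054)")
    if client_issuer_cn is not None and client_issuer_cn not in acceptable_issuer_cns(log):
        findings.append("client certificate issuer is not in the server's CA list")
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```
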