Adtran
Help
The Adtran community holiday season is starting next week! The holiday period will span from December 21, 2024 to January 6, 2025. During this time, responses to feedback form submissions may be delayed. If you are encountering product issues, you can reach out to Adtran support at any time.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Anonymous
Not applicable
‎03-29-2017 03:01 PM

TA908e SIP TLS not working with Sansay VSXi

I'm trying to establish SIP TLS between our TA908e 3rd gen and a Sansay VSXi using mutual authentication.  When attempting an inbound call to the TA908e, running debug on the CLI, I get the following output.

14:27:50.658 TLS.SIP NEGOTIATION Successfully found TLS engine and profile (Netrio) for remoteIP 74.120.83.159

14:27:50.659 TLS.SIP NEGOTIATION Server(63.149.180.42:5061) <=> (74.120.83.159:20702)| transportConnectionTlsSequenceStarting: Prerequisite setup complete and TLS connection details cached

14:27:50.659 TLS.SIP NEGOTIATION Server(63.149.180.42:5061) <=> (74.120.83.159:20702)| transportConnectionTlsSequenceStarting: TLS engine details:

14:27:50.660 TLS.SIP NEGOTIATION Server(63.149.180.42:5061) <=> (74.120.83.159:20702)| transportConnectionTlsSequenceStarting:                   : Role: client-only

14:27:50.660 TLS.SIP NEGOTIATION Server(63.149.180.42:5061) <=> (74.120.83.159:20702)| transportConnectionTlsSequenceStarting:                   : Persistent connections: yes

14:27:50.660 TLS.SIP NEGOTIATION Server(63.149.180.42:5061) <=> (74.120.83.159:20702)| transportConnectionTlsSequenceStarting:                   : Registered peers: 74.120.83.159

14:27:50.660 TLS.SIP NEGOTIATION Server(63.149.180.42:5061) <=> (74.120.83.159:20702)| transportConnectionTlsSequenceStarting:                   : Known peers: 74.120.83.159

14:27:50.661 TLS.SIP NEGOTIATION Server(63.149.180.42:5061) <=> (74.120.83.159:20702)| transportConnectionTlsStateChanged: tlsConnectionState_HandshakeReady

14:27:50.661 TLS.SIP NEGOTIATION Server(63.149.180.42:5061) <=> (74.120.83.159:20702)| transportConnectionTlsStateChanged: ERROR! Could not start TLS handshake for mutual authentication - error(-4)

14:27:50.667 TLS.SIP NEGOTIATION Server(63.149.180.42:5061) <=> (74.120.83.159:20702)| transportConnectionTlsStateChanged: tlsConnectionState_HandshakeFailed

14:27:50.670 TLS.SIP NEGOTIATION Server(63.149.180.42:5061) <=> (74.120.83.159:20702)| transportConnectionTlsStateChanged: tlsConnectionState_TlsTerminated

Does anyone know what ERROR! Could not start TLS handshake for mutual authentication - error(-4) means?

Labels (1)
Labels
0 Kudos
Reply
2 Replies
Anonymous
Not applicable
‎04-05-2017 10:36 AM

Re: TA908e SIP TLS not working with Sansay VSXi

Scott, it appears you've opened a support ticket on this. If you wouldn't mind, please post your findings so they can be of help to other users. Thanks

0 Kudos
Accept as Solution Reply
Anonymous
Not applicable
‎06-09-2017 01:19 PM

Re: TA908e SIP TLS not working with Sansay VSXi

ERROR! Could not start TLS handshake for mutual authentication - error(-4) turned out to be caused because we didn't have a client side certificate loaded, only the root CA certificate.  After completing the CSR and getting the certificate back from our certificate authority, we loaded it and handshake was successful.

0 Kudos
Accept as Solution Reply