I'm trying to establish SIP TLS between our TA908e 3rd gen and a Sansay VSXi using mutual authentication. When attempting an inbound call to the TA908e, running debug on the CLI, I get the following output.
14:27:50.658 TLS.SIP NEGOTIATION Successfully found TLS engine and profile (Netrio) for remoteIP 74.120.83.159
14:27:50.659 TLS.SIP NEGOTIATION Server(63.149.180.42:5061) <=> (74.120.83.159:20702)| transportConnectionTlsSequenceStarting: Prerequisite setup complete and TLS connection details cached
14:27:50.659 TLS.SIP NEGOTIATION Server(63.149.180.42:5061) <=> (74.120.83.159:20702)| transportConnectionTlsSequenceStarting: TLS engine details:
14:27:50.660 TLS.SIP NEGOTIATION Server(63.149.180.42:5061) <=> (74.120.83.159:20702)| transportConnectionTlsSequenceStarting: : Role: client-only
14:27:50.660 TLS.SIP NEGOTIATION Server(63.149.180.42:5061) <=> (74.120.83.159:20702)| transportConnectionTlsSequenceStarting: : Persistent connections: yes
14:27:50.660 TLS.SIP NEGOTIATION Server(63.149.180.42:5061) <=> (74.120.83.159:20702)| transportConnectionTlsSequenceStarting: : Registered peers: 74.120.83.159
14:27:50.660 TLS.SIP NEGOTIATION Server(63.149.180.42:5061) <=> (74.120.83.159:20702)| transportConnectionTlsSequenceStarting: : Known peers: 74.120.83.159
14:27:50.661 TLS.SIP NEGOTIATION Server(63.149.180.42:5061) <=> (74.120.83.159:20702)| transportConnectionTlsStateChanged: tlsConnectionState_HandshakeReady
14:27:50.661 TLS.SIP NEGOTIATION Server(63.149.180.42:5061) <=> (74.120.83.159:20702)| transportConnectionTlsStateChanged: ERROR! Could not start TLS handshake for mutual authentication - error(-4)
14:27:50.667 TLS.SIP NEGOTIATION Server(63.149.180.42:5061) <=> (74.120.83.159:20702)| transportConnectionTlsStateChanged: tlsConnectionState_HandshakeFailed
14:27:50.670 TLS.SIP NEGOTIATION Server(63.149.180.42:5061) <=> (74.120.83.159:20702)| transportConnectionTlsStateChanged: tlsConnectionState_TlsTerminated
Does anyone know what ERROR! Could not start TLS handshake for mutual authentication - error(-4) means?
Scott, it appears you've opened a support ticket on this. If you wouldn't mind, please post your findings so they can be of help to other users. Thanks.
ERROR! Could not start TLS handshake for mutual authentication - error(-4) turned out to be caused by the fact that we didn't have a client-side certificate loaded, only the root CA certificate. After completing the CSR and getting the certificate back from our certificate authority, we loaded it and the handshake was successful.
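For anyone triaging the same debug output, the sketch below is an added example, not part of the original posts and not vendor code. It groups the TLS.SIP NEGOTIATION lines by connection and flags a session whose handshake was refused before it started; the function names are hypothetical, and the link from error(-4) to a missing certificate is only what this thread reports, not documented vendor semantics.

```python
import re

# Debug lines copied from the first post, trimmed to the relevant ones.
SAMPLE = """\
14:27:50.660 TLS.SIP NEGOTIATION Server(63.149.180.42:5061) <=> (74.120.83.159:20702)| transportConnectionTlsSequenceStarting: : Role: client-only
14:27:50.661 TLS.SIP NEGOTIATION Server(63.149.180.42:5061) <=> (74.120.83.159:20702)| transportConnectionTlsStateChanged: tlsConnectionState_HandshakeReady
14:27:50.661 TLS.SIP NEGOTIATION Server(63.149.180.42:5061) <=> (74.120.83.159:20702)| transportConnectionTlsStateChanged: ERROR! Could not start TLS handshake for mutual authentication - error(-4)
14:27:50.667 TLS.SIP NEGOTIATION Server(63.149.180.42:5061) <=> (74.120.83.159:20702)| transportConnectionTlsStateChanged: tlsConnectionState_HandshakeFailed
14:27:50.670 TLS.SIP NEGOTIATION Server(63.149.180.42:5061) <=> (74.120.83.159:20702)| transportConnectionTlsStateChanged: tlsConnectionState_TlsTerminated
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{3}) TLS\.SIP NEGOTIATION \w+\((?P<local>[^)]+)\)"
    r" <=> \((?P<remote>[^)]+)\)\| \w+: (?P<msg>.*)$")
STATE_RE = re.compile(r"tlsConnectionState_(\w+)")
ERROR_RE = re.compile(r"ERROR! (?P<text>.*?) - error\((?P<code>-?\d+)\)")
DETAIL_RE = re.compile(r":\s*([^:]+):\s*(.+)$")  # e.g. ": Role: client-only"

def parse_sessions(text):
    """Group debug lines by (local, remote) endpoint pair."""
    sessions = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a per-connection negotiation line
        s = sessions.setdefault((m["local"], m["remote"]),
                                {"states": [], "errors": [], "details": {}})
        msg = m["msg"]
        err, state, detail = ERROR_RE.search(msg), STATE_RE.search(msg), DETAIL_RE.match(msg)
        if err:
            s["errors"].append((m["ts"], err["text"], int(err["code"])))
        elif state:
            s["states"].append(state[1])
        elif detail:
            s["details"][detail[1].strip()] = detail[2].strip()
    return sessions

def diagnose(session):
    """Flag a session that failed before the handshake could start."""
    failed = "HandshakeFailed" in session["states"]
    for ts, text, code in session["errors"]:
        if failed and "mutual authentication" in text:
            # Assumption: cause taken from this thread's resolution only.
            return (f"{ts}: handshake not started (error {code}); in this thread the "
                    "cause was a missing client-side certificate, only the root CA was loaded")
    return "handshake failed" if failed else "no failure seen"

if __name__ == "__main__":
    for endpoints, session in parse_sessions(SAMPLE).items():
        print(endpoints, session["states"], diagnose(session))
```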