
How to use SSLTap to troubleshoot SSL connection errors in NuGenesis - WKB7441

Article number: 7441

OBJECTIVE or GOAL

Troubleshoot errors with SSL or TLS connections generally, and with SSL-LDAP connections in particular, in NuGenesis software.

ENVIRONMENT

  • NuGenesis 9
  • NuGenesis 8

PROCEDURE

  1. SSLTap does not come with the NuGenesis software distribution. See the article "What troubleshooting tools are available for NuGenesis software?" for instructions on getting a copy of the tool and the "SSLTap_r2.bat" batch script.
  2. Edit the "SSLTap_r2.bat" file in Notepad.
  3. Look for the text LDAP_DIRECTORY_SERVER= in the Modifiable section of the script. Type the fully-qualified name of the LDAP server to the right of the equals sign.
  4. Look for the text LDAP_SSL_PORT_NUMBER= in the Modifiable section of the script. This variable sets the listener port number for LDAPS. It defaults to 636. For NuGenesis 9.0 and 9.1 (which use the STARTTLS extension via port 389), replace 636 with 389. If a non-default listener port is used, then enter that number here.
  5. Save and close "SSLTap_r2.bat".
  6. Run SSLTap_r2.bat in an elevated command prompt on an SDMS Administrator client or on the SDMS web server.
  7. SSLTap will connect to the server name and port as specified in the batch script. It will listen for SSL/TLS connections on a port on the local machine. The default port is 1924.
  8. Within SDMS Administrator, open the server properties, and then click Authentication Settings.
  9. Modify the server name and port of the first LDAP server in the list to:
    1. Host name: Enter the host name where the SSLTap process is currently running.
    2. Port: Enter the listener port for SSLTap. This port is 1924 by default.
  10. Click the Test Connection button in SDMS Administrator. The NuGenesis software initiates an SSL connection with SSLTap. The tool forwards the connection on to the actual SSL server and forwards the server's reply to SDMS Administrator.
  11. SSLTap displays the unencrypted SSL packet information in the command prompt. Any certificates sent as part of the SSL connection—by either end of the connection—will be saved to files on disk. The certificate files will be named cert.001, cert.002, etc., in the same directory as ssltap.exe.
  12. Consult the output from SSLTap, and the saved certificate files, to determine the cause of the connection failure.
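
One way to review the saved certificate files from the last two steps is the PowerShell script below. It is an added example, not part of the Waters article or of SSLTap_r2.bat. It assumes it is run from the directory containing ssltap.exe, that the cert.NNN files are X.509 certificates in a form X509Certificate2 can load (DER or PEM), and that $LdapHost (a placeholder) is set to the value entered for LDAP_DIRECTORY_SERVER.

```powershell
# Added example: summarize the certificates SSLTap saved (cert.001, cert.002, ...).
# $LdapHost is a placeholder; set it to the name used for LDAP_DIRECTORY_SERVER.
$LdapHost = 'ldap.example.com'
$now      = Get-Date

Get-ChildItem -Path . -File |
    Where-Object { $_.Name -match '^cert\.\d+$' } |
    Sort-Object Name |
    ForEach-Object {
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($_.FullName)

        # Subject Alternative Name extension (OID 2.5.29.17), if the certificate has one.
        $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $san    = if ($sanExt) { $sanExt.Format($false) } else { '(none)' }

        # Validity window compared with this machine's clock.
        $validity = if ($now -lt $cert.NotBefore)    { 'NOT YET VALID' }
                    elseif ($now -gt $cert.NotAfter) { 'EXPIRED' }
                    else                             { 'ok' }

        # Literal name check only: wildcard entries (*.example.com) need a manual look.
        # Only the server's own certificate is expected to match; CA certificates are not.
        $dnsName   = $cert.GetNameInfo('DnsName', $false)
        $nameMatch = ($dnsName -eq $LdapHost) -or
                     ($san -match [regex]::Escape("DNS Name=$LdapHost"))

        [pscustomobject]@{
            File       = $_.Name
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            SelfSigned = ($cert.Subject -eq $cert.Issuer)
            NotBefore  = $cert.NotBefore
            NotAfter   = $cert.NotAfter
            Validity   = $validity
            SAN        = $san
            NameMatch  = $nameMatch
            Thumbprint = $cert.Thumbprint
        }
    } | Format-List
```

An EXPIRED or NOT YET VALID entry, a server certificate whose NameMatch is False, or an Issuer that the client does not trust are the usual things to compare against the error shown by Test Connection.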
