BizTalk 2013 R2: Where to find SSL handshaking logs

  • Question

  • Dear Friends,

    In BizTalk 2013 R2, how do I increase the debug levels to see detailed HTTPS SSL logs like the ones below? Thanks

    [SAP SSL debug log:

    ssl_debug(15): Sending v3 client_hello message to services.bloomberg.com:443, requesting version 3.1...

    ssl_debug(15): Received v3 server_hello handshake message.

    ssl_debug(15): Server selected SSL version 3.1.

    ssl_debug(15): CipherSuite selected by server: TLS_RSA_WITH_AES_256_CBC_SHA

    ssl_debug(15): Received certificate handshake message with server certificate.

    ssl_debug(15): Server sent a 2048 bit RSA certificate, chain has 3 elements.

    ssl_debug(15):   CN=VeriSign Class 3 International Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US

    ssl_debug(15):   CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US

    ssl_debug(15): Received server_hello_done handshake message.

    ssl_debug(15): Received alert message: Alert Fatal: decrypt error

    ssl_debug(15): SSLException while handshaking: Peer sent alert: Alert Fatal: decrypt error

    ssl_debug(15): Shutting down SSL layer...]

    Thursday, February 4, 2016 11:45 AM

Answers

  • Glad to hear on another thread that you have solved this issue using Wireshark. The best way to troubleshoot such an issue is to run Wireshark and look at the SSL packets for your connection; they are very well explained in Wireshark.

    OP statement "As per WireShark, we find out the handshake issue due to wrong client cert."



    Rachit Sikroria (Microsoft Azure MVP)

    Sunday, February 7, 2016 3:50 PM
    Moderator
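
The ssl_debug lines quoted in the question already show where the handshake stopped, which matches the client-certificate cause found with Wireshark. As an added example (not part of the original thread), this Python script parses that log format; `summarize_handshake` and `ALERT_HINTS` are hypothetical names, and the hints paraphrase RFC 5246.

```python
import re

# Constructed sample: a subset of the ssl_debug lines quoted in the question.
SAMPLE_LOG = """\
ssl_debug(15): Sending v3 client_hello message to services.bloomberg.com:443, requesting version 3.1...
ssl_debug(15): Received v3 server_hello handshake message.
ssl_debug(15): Server selected SSL version 3.1.
ssl_debug(15): CipherSuite selected by server: TLS_RSA_WITH_AES_256_CBC_SHA
ssl_debug(15): Received certificate handshake message with server certificate.
ssl_debug(15): Server sent a 2048 bit RSA certificate, chain has 3 elements.
ssl_debug(15): Received server_hello_done handshake message.
ssl_debug(15): Received alert message: Alert Fatal: decrypt error
"""

# Protocol versions as logged (3.1 on the wire is TLS 1.0).
VERSIONS = {"3.0": "SSL 3.0", "3.1": "TLS 1.0", "3.2": "TLS 1.1", "3.3": "TLS 1.2"}

# Hints paraphrase RFC 5246 section 7.2.2. Only "decrypt error" appears on the
# page; the spelling of the other alert names in this log format is assumed.
ALERT_HINTS = {
    "decrypt error": "signature or Finished check failed; verify the client certificate and its private key",
    "bad certificate": "certificate corrupt or its signature did not verify",
    "unknown ca": "issuing CA is not trusted by the peer",
    "handshake failure": "no acceptable set of security parameters",
}

def summarize_handshake(log):
    """Extract negotiated parameters and where the handshake stopped."""
    info = {"peer": None, "version": None, "cipher": None, "chain_len": None,
            "last_received": None, "alert": None, "hint": None,
            "failed_on_client_flight": False}
    for line in log.splitlines():
        if m := re.search(r"client_hello message to (\S+?),", line):
            info["peer"] = m.group(1)
        elif m := re.search(r"Server selected SSL version (\d\.\d)", line):
            info["version"] = VERSIONS.get(m.group(1), m.group(1))
        elif m := re.search(r"CipherSuite selected by server: (\S+)", line):
            info["cipher"] = m.group(1)
        elif m := re.search(r"chain has (\d+) elements", line):
            info["chain_len"] = int(m.group(1))
        elif m := re.search(r"Received (?:v3 )?(\w+) handshake message", line):
            info["last_received"] = m.group(1)
        elif m := re.search(r"Received alert message: Alert (\w+): (.+)", line):
            info["alert"] = (m.group(1).lower(), m.group(2).strip().lower())
            info["hint"] = ALERT_HINTS.get(info["alert"][1], "see RFC 5246 section 7.2.2")
            # After server_hello_done only the client sends handshake messages,
            # so an alert here is the peer's reaction to the client's messages.
            info["failed_on_client_flight"] = info["last_received"] == "server_hello_done"
    return info
```
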

All replies

  • What problem are you having? The ultimate error message is usually pretty descriptive, and accurate.

    Thursday, February 4, 2016 12:23 PM
    Moderator
  • Hi Soori,

    Thank you for posting on MSDN forum.

    Please have a look at the article below, which might be helpful:

    SSL Handshake and HTTPS Bindings on IIS


    Thanks,

    Thursday, February 4, 2016 6:30 PM
    Moderator
  • Hi Soori,

    If you are getting any exception while doing HTTP communication, you will be getting some exception message as well.

    Sharing the exception message would be good, so that we can provide an accurate resolution.

    Anyway, you can look at the IIS logs on the server and do some communication tracing with HTTP tools.

    The link below can help you:

    http://blogs.msdn.com/b/saurabs/archive/2012/04/27/monitor-certificate-ssl-handshake.aspx

    Thanks

    Abhishek

    Thursday, February 4, 2016 7:18 PM
  • Dear Abhishek,

    We have recently installed BizTalk 2013 R2 and developed the first simple application to pick the file from a folder and send it to an external URL (https://203.116.xx.xxx:443/invoke/xxxxx.inbound/Receive ) via a Send port.

    We have opened port 443 in the firewall and configured the client certificates correctly. But we are still getting the error message below. Do we need to add port 443 in IIS? Did we miss any other configuration in BizTalk? Please advise. Thanks

    The request was aborted: Could not create SSL/TLS secure channel.

    Sunday, February 7, 2016 8:23 AM
  • Dear Abhishek,

    We have recently installed BizTalk 2013 R2 and developed the first simple application to pick the file from a folder and send it to an external URL (https://203.116.xx.xxx:443/invoke/xxxxx.inbound/Receive ) via a Send port.

    We have opened port 443 in the firewall and configured the client certificates correctly. But we are still getting the error message below. Do we need to add port 443 in IIS? Did we miss any other configuration in BizTalk? Please advise. Thanks

    The request was aborted: Could not create SSL/TLS secure channel.

    It definitely sounds like a problem with your client certificates. These can be tricky to get set up correctly, as you've found. The links from Steef-Jan are all good information. I'd also suggest testing whether you can establish connectivity using SoapUI with a sample request. This might give you some indication of where the problem lies:

    http://geekswithblogs.net/gvdmaaden/archive/2011/02/24/how-to-configure-soapui-with-client-certificate-authentication.aspx

    Also, Wireshark has given you a better option for your error resolution.

    Thanks

    Abhishek

    Monday, February 8, 2016 8:42 PM