beautypg.com

Installing the deployment tool, Tls handshake failure – Siemens HIPATH V1.2.33 User Manual

Page 87

background image

Deployment Tool with TLS

87

Installing the Deployment Tool

After a first installation, the Deployment Tool will automatically be config-
ured with trusted certificates and a subject DN that match the phone’s de-
fault key material. No configuration should be necessary until the phone’s
key material is changed, by transferring new key material over the XML
management interface.

On reinstalling the Deployment Tool over an existing installation, the user
is prompted whether or not to replace the file “

.keystore”

. This is the list of

CA certificates trusted by the Tool. The user can retain any changes made
to the list, or revert to the default list.

If the user wishes to revert to the default subject DN, delete the line “Tar-
getSubjectDN=…” from the file “DeploymentTool.props” in the Tool’s in-
stallation directory.

TLS Handshake Failure

If the TLS handshake to a phone fails because the certificate chain received
by the phone cannot be validated, the Operations Pane automatically pre-
sents diagnostic information in the Handshake Failure Dialogue.

The left-side of the dialogue shows the certificates received from the
phone. For validation, the Tool attempts to form a chain from these certifi-
cates. The resulting chain, if any, is shown at the top of the left-side.
A list of additional certificates, which were received but could not be fitted
into the chain, is shown underneath. The right-side of the dialogue shows
the details of the currently-selected certificate.