RES ONE Workspace Portable Relay Server: “Error in Client TLS Handshake (…) no shared cipher” after implementing certificates

Version 1
Created by marc.vanderwijst on Apr 4, 2017 7:36 AM. Last modified by marc.vanderwijst on Aug 6, 2018 2:37 PM.

    Problem

    After implementing certificates on the RES ONE Workspace Portable Relay Server for Linux the communication fails.
    As a result the RES ONE Workspace Agents or downstream RES ONE Workspace Portable Relay Servers are not visible in the RES ONE Workspace Console.
    The following can be found in the log of the RES ONE Workspace Portable Relay Server (the interesting parts are highlighted):

    2017-03-21 13:13:59:371481 - 0x00007f42459d4880 - Error - ClientConnectionManager - at void ClientConnectionManager::useConfiguredCertificate(const ConnectionSettings&) - File /etc/res/relayserver.crt Error Permission denied
    2017-03-21 13:13:59:371791 - 0x00007f42459d4880 - Error - ClientConnectionManager - at void ClientConnectionManager::useConfiguredCertificate(const ConnectionSettings&) - Key File /etc/res/relayserver.key Error Permission denied
    2017-03-21 13:14:22:771770 - 0x00007f42459d4880 - Error - SocketConnection - at SocketConnection::switchToSSL(boost::asio::ssl::context&, const string&, std::function<void(bool)>)::<lambda(const boost::system::error_code&)> - Error in Client TLS Handshake [172.24.0.161:48824]: no shared cipher
    2017-03-21 13:14:27:797551 - 0x00007f42459d4880 - Error - SocketConnection - at SocketConnection::switchToSSL(boost::asio::ssl::context&, const string&, std::function<void(bool)>)::<lambda(const boost::system::error_code&)> - Error in Client TLS Handshake [172.24.0.161:48826]: no shared cipher

     

    Cause

    The service cannot read the certificate files.

     

    Solution

    Change the owner of /etc/res/relayserver.crt and /etc/res/relayserver.key to the account that is used on the service.

    chown res-relayserver:res-relayserver /etc/res/relayserver.*