RES ONE Workspace Portable Relay Server: “Not accepting invalid (self-signed) certificates” after installation

Version 1

    Problem

    After installing the RES ONE Workspace Portable Relay Server for Linux, communication with the upstream Relay Server fails.
    As a result, the RES ONE Workspace Portable Relay Server is not visible in the RES ONE Workspace Console.
    The following errors can be found in the log of the RES ONE Workspace Portable Relay Server (the relevant messages are "Not accepting invalid (self-signed) certificates" and "certificate verify failed"):


    2017-03-27 13:26:45:139563 - 0x00007f6437eee880 - Error - SocketConnection - at bool SocketConnection::verifyCertificate(bool, boost::asio::ssl::verify_context&, const string&) - Not accepting invalid (self-signed) certificates
    2017-03-27 13:26:45:139628 - 0x00007f6437eee880 - Error - SocketConnection - at SocketConnection::switchToSSL(boost::asio::ssl::context&, const string&, std::function<void(bool)>)::<lambda(const boost::system::error_code&)> - Error in Server TLS Handshake [10.1.14.5:1943]: certificate verify failed


     

    Cause

    The upstream RES ONE Workspace Relay Server uses a self-signed certificate.
    By default, a self-signed certificate is not accepted, because accepting it is not secure.


     

    Solution

    Configure the upstream RES ONE Workspace Relay Server to use a custom certificate.
    Make sure that all machines that connect to the RES ONE Workspace Relay Server trust the custom certificate.

    Workaround:
    For testing purposes, the RES ONE Workspace Portable Relay Server for Linux can be configured to accept self-signed certificates.
    This can be achieved by adding the setting AcceptSelfSignedCertificate=Yes, as an XML element, to the Security section of /etc/res/relayserver-config.xml.

    Example (part of /etc/res/relayserver-config.xml):

    <Security>
        <TLSMinimumProtocolVersion>1.0</TLSMinimumProtocolVersion>
        <CertificateKeyFile>/etc/res/relayserver.key</CertificateKeyFile>
        <CertificateFile>/etc/res/relayserver.crt</CertificateFile>
        <AcceptSelfSignedCertificate>yes</AcceptSelfSignedCertificate>
    </Security>


    Note:
    See the article 'HOWTO: Configure custom certificates for the downstream communication of the RES ONE Workspace Portable Relay Server' for a more secure solution.
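
Because the workaround is meant for testing only, it is worth checking that it has not been left enabled. The following is an added example, not part of the original article or the product: a small audit of the Security section that flags AcceptSelfSignedCertificate when enabled and, going slightly beyond the article, a TLSMinimumProtocolVersion below 1.2. The root element name, the set of accepted "enabled" values and the value 1.2 are assumptions.

```python
import xml.etree.ElementTree as ET

# Assumption: the value is matched case-insensitively (the article writes both "Yes" and "yes").
ENABLED = {"yes", "true", "1"}

def audit_security(xml_text):
    """Return findings for every <Security> section in a relay server config."""
    findings = []
    sections = list(ET.fromstring(xml_text).iter("Security"))
    if not sections:
        return ["no <Security> section found"]
    for sec in sections:
        accept = (sec.findtext("AcceptSelfSignedCertificate") or "").strip().lower()
        if accept in ENABLED:
            findings.append("AcceptSelfSignedCertificate is enabled: "
                            "self-signed upstream certificates are accepted")
        # Assumption: the version is a dotted number, as in the article's fragment.
        raw = (sec.findtext("TLSMinimumProtocolVersion") or "").strip()
        try:
            if float(raw) < 1.2:
                findings.append(f"TLSMinimumProtocolVersion {raw} allows TLS below 1.2")
        except ValueError:
            findings.append(f"TLSMinimumProtocolVersion missing or unparsable: {raw!r}")
    return findings

# Constructed samples: the article's fragment inside a hypothetical root element.
WORKAROUND = """<Configuration><Security>
    <TLSMinimumProtocolVersion>1.0</TLSMinimumProtocolVersion>
    <CertificateKeyFile>/etc/res/relayserver.key</CertificateKeyFile>
    <CertificateFile>/etc/res/relayserver.crt</CertificateFile>
    <AcceptSelfSignedCertificate>yes</AcceptSelfSignedCertificate>
</Security></Configuration>"""

# Constructed: workaround removed; 1.2 is an assumed valid value for this setting.
HARDENED = """<Configuration><Security>
    <TLSMinimumProtocolVersion>1.2</TLSMinimumProtocolVersion>
    <CertificateKeyFile>/etc/res/relayserver.key</CertificateKeyFile>
    <CertificateFile>/etc/res/relayserver.crt</CertificateFile>
</Security></Configuration>"""

if __name__ == "__main__":
    for name, cfg in (("workaround", WORKAROUND), ("hardened", HARDENED)):
        print(name, audit_security(cfg) or "no findings")
```

To audit a real installation, pass the contents of /etc/res/relayserver-config.xml to audit_security() instead of the constructed samples.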