Smarts NCM / Voyence Control: How do I test an external NCM SSL connection?

Article ID: 331138

Products

VMware Smart Assurance

Environment

VMware Smart Assurance - NCM

Resolution

You can test Secure Sockets Layer (SSL) connectivity to a port on an NCM Application Server host from an external host or workstation using OpenSSL. OpenSSL is a free, open-source SSL distribution that NCM uses internally and that can be downloaded and installed on other hosts or workstations to test or establish production SSL connectivity to the NCM AS host. It is a fork of, and successor to, the SSLeay open-source SSL project. The Apache 1.0 and SSLeay Licenses apply.

To use OpenSSL to test SSL connectivity to the NCM AS host, do as follows:

  1. Log into a command line shell as 'root' (Linux), or open an elevated command prompt using an account with full local administrator privileges (Windows), on the machine that is external to the NCM AS host.
  2. Run the following command to verify that OpenSSL is installed and running on the machine (if your host or workstation does not already have OpenSSL installed, it can be downloaded from https://www.openssl.org/):

openssl version

  3. Run the following command to open an SSL connection to the NCM AS (Application Server) host:

openssl s_client -connect {NCM AS Host IP}:443 -CApath {NCM Home Path}/conf/CA/

  4. Verify the connection was successful by confirming that the openssl command result contains the following strings (the connected code and the actual bytes read and written may vary):

"CONNECTED(00000003)"
"SSL handshake has read 2987 bytes and written 447 bytes"

For example:

[root@ssl_client_host ~]# openssl s_client -connect 10.10.1.1:443 -CApath /opt/smarts-ncm/conf/CA/
CONNECTED(00000003)
depth=1 /C=IN/ST=Kar/L=Bangalore/O=EMC/OU=NCM/CN=MASTERKEY/[email protected]
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/C=US/ST=Texas/L=Richardson/O=EMC/OU=NCM/CN=lab94as.smrtsupport.local/[email protected]
   i:/C=IN/ST=Kar/L=Bangalore/O=EMC/OU=NCM/CN=MASTERKEY/[email protected]
 1 s:/C=IN/ST=Kar/L=Bangalore/O=EMC/OU=NCM/CN=MASTERKEY/[email protected]
   i:/C=IN/ST=Kar/L=Bangalore/O=EMC/OU=NCM/CN=MASTERKEY/[email protected]
---
Server certificate
subject=/C=US/ST=Texas/L=Richardson/O=EMC/OU=NCM/CN=lab94as.smrtsupport.local/[email protected]
issuer=/C=IN/ST=Kar/L=Bangalore/O=EMC/OU=NCM/CN=MASTERKEY/[email protected]
---
No client certificate CA names sent
---
SSL handshake has read 2987 bytes and written 447 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: F3E9B904396A39518770BE807E46C96FD639CFB92A54B384C3E02B7CD400BAAD
    Session-ID-ctx:
    Master-Key: 287E27241D99324FB1C2F8E7C1378EA1BF3411DFDA35E2339ACEE616334F635DF6A58C0F2A86DB3F20AEEAF298FDAD80
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1462891174
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
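
The check in the last step of the procedure can be scripted. The following is an added example, not part of the original article: a hypothetical helper, `check_s_client_output`, matches the two strings without depending on the connected code or byte counts, and also reads the "Verify return code" line, because the session above completes the handshake while reporting code 19 for the chain. The embedded sample is constructed from lines of that session.

```shell
# Added example: classify `openssl s_client` output read on stdin.
# Exit status: 0 = handshake completed and certificate chain verified
#              1 = no "CONNECTED(" line
#              2 = connected, but no handshake summary line
#              3 = handshake completed, but chain verification failed
check_s_client_output() {
    out=$(cat)

    # The number in CONNECTED(...) varies, so match the prefix only.
    if ! printf '%s\n' "$out" | grep -q '^CONNECTED('; then
        echo "FAIL: no CONNECTED line"
        return 1
    fi

    # Byte counts vary between runs, so match them as digits.
    if ! printf '%s\n' "$out" |
        grep -Eq '^SSL handshake has read [0-9]+ bytes and written [0-9]+ bytes'; then
        echo "FAIL: connected, but no handshake summary"
        return 2
    fi

    # "Verify return code: N (text)" reports whether the chain validated
    # against the certificates in the -CApath directory; 0 means it did.
    verify=$(printf '%s\n' "$out" |
        sed -n 's/^ *Verify return code: \([0-9][0-9]*.*\)$/\1/p' | head -n 1)
    code=${verify%% *}
    if [ "$code" = "0" ]; then
        echo "OK: handshake completed, certificate chain verified"
        return 0
    fi
    echo "WARN: handshake completed, verify return code ${verify:-not reported}"
    return 3
}

# Constructed sample: lines excerpted from the example session in this article.
sample_output() {
    cat <<'EOF'
CONNECTED(00000003)
verify error:num=19:self signed certificate in certificate chain
SSL handshake has read 2987 bytes and written 447 bytes
    Verify return code: 19 (self signed certificate in certificate chain)
EOF
}

# Live use (placeholders as written in the article):
#   openssl s_client -connect {NCM AS Host IP}:443 \
#       -CApath {NCM Home Path}/conf/CA/ </dev/null 2>&1 | check_s_client_output
sample_output | check_s_client_output || echo "exit status: $?"
```

An exit status of 3 means the connectivity test in the article passed, but the server's chain did not validate against the CA directory supplied with `-CApath`.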