cms 17 SAL gateway could not connect to SAL concentrator

Doc ID    SOLN287742
Version:    2.0
Status:    Published
Published date:    04 May 2016
Created Date:    20 Apr 2016
Author:   
Ming Jiang
 

Details

CMS R17 R4 EMBEDDED SAL CANNOT CONNECT TO SAL CRS
current SAL GW version is 2.2, which is not supporting the SHA2 algorithm.
agateway.Version=2.2.0.0.25CMS R17 R4 EMBEDDED SAL CANNOT CONNECT TO SAL CRSCMS R17 R4 EMBEDDED SAL CANNOT CONNECT TO SAL CRSCMS R17 R4 EMBEDDED SAL CANNOT CONNECT TO SAL CRS

Problem Clarification

customer upgrade their SAL concentrator and enabled the SHA-2 verification. However, seems CMS SAL could not get through.

1.       from xGate.log, it is certificate issue.

 

                [ 0,  3,  7, 222] 04-08-2016 11:06:26.875 INFO    xgEnterpriseProxy: Performing automatic proxy detection for server https://salremote.ap.dimensiondata.com/eMessage

[ 0,  9, 44, 1019] 04-08-2016 11:06:26.922 ERROR-- xgPKIManager: Failure verifying certificate: profile=TrustedAuthorities:

[ 0,  9, 44, 121] 04-08-2016 11:06:26.922 ERROR-- xgPKIManager:     Subject:

[ 0,  9, 44, 121] 04-08-2016 11:06:26.923 ERROR-- xgPKIManager:         C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA

[ 0,  9, 44, 121] 04-08-2016 11:06:26.923 ERROR-- xgPKIManager:     Issuer:

[ 0,  9, 44, 121] 04-08-2016 11:06:26.923 ERROR-- xgPKIManager:         C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA

[ 0,  9, 44, 121] 04-08-2016 11:06:26.923 ERROR-- xgPKIManager: certificate signature failure

[ 0,  9, 44, 121] 04-08-2016 11:06:26.923 ERROR-- xgPKIManager: function=ASN1_verify, error=unknown message digest algorithm

[ 0,  9,  7, 227] 04-08-2016 11:06:26.923 ERROR-- xgEnterpriseProxy: Web Client (https://salremote.ap.dimensiondata.com/eMessage): SSL: server's certificate verification failed

[ 0,  3,  7, 230] 04-08-2016 11:06:26.923 INFO    xgEnterpriseProxy: Setting proxy configuration

[ 0,  3,  7, 642] 04-08-2016 11:06:26.924 INFO    xgEnterpriseProxy: No HTTP proxy server used

[ 0,  3,  7, 644] 04-08-2016 11:06:26.924 INFO    xgEnterpriseProxy: No SOCKS proxy server used

 

[ 0,  3,  7, 222] 04-08-2016 11:06:29.445 INFO    xgEnterpriseProxy: Performing automatic proxy detection for server https://sl1.sal.avaya.com/eMessage

Cause

CMS SAL gateway is just residing on the CMS server. They are to follow the same SAL Implementation Guide as if it were not embedded on the CMS. Their SAL GW is currently under version 2.2, which is not supporting the SHA2 algorithm.

Solution

Customer upgraded the CMS SAL gateway with ADS 2.5 SP2 & with some tweakings, I managed to get the SAL gateway registered to the SAL remote concentrator

CMS R17 and R18 should support support SHA2 and the embedded SALGW, which should be Linux OS, should be configured by the SAL engineers as any SALGW, it just resides on the CMS server. They are to follow the same SAL Implementation Guide as if it were not embedded on the CMS.

CMS provided the method for a inexpensive way to have SAL. From the cmssal.readme:

This package is provided as a convenience for our valued CMS customers that
choose to run the Linux version of CMS. The Linux version of CMS has the
ability to run SAL on the same platform as CMS. This should only be used
when there is no other separate SAL system available for use and purchase
of a standalone SAL server is not cost effective.


Avaya -- Proprietary. Use pursuant to the terms of your signed agreement or Avaya policy