Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

test-as.sgx.trustedservices.intel.com rejects the TLS connection

Mon__Eddie
Beginner
2,332 Views

I just received the access confirmation for test-as.sgx.trustedservices.intel.com, but when I try to test it with:

"curl -v --tlsv1.2 --key ./testCertKey.pem --cert ./testCert.pem https://test-as.sgx.trustedservices.intel.com:443/attestation/sgx/v2/sigrl/0000ae0 "

The IAS will terminate the TCP connection once the client has sent the "Certificate, Client Key Exchange, Certificate Verify, Change Cipher Spec, Encrypted Handshake Message" handshake messages. Curl doesn't even get a chance to send the "Get" request to IAS for processing. I have checked that both the private key and the cert are correct, and the cert is the same one I included in the access request for the test environment. It seems like my cert is not trusted by test-as.sgx.trustedservices.intel.com.

 

My question is, do I have to wait a few days before the registration kicks into effect? If not, then where do I go for support?

 

Thanks,

Eddie.

 curl --verbos --tlsv1.2 --key ./dev_builds2/testCertKey.pem --cert ./testCert.pem https://test-as.sgx.trustedservices.intel.com:443/attestation/sgx/v2/sigrl/0000ae0 -v
*   Trying 52.0.160.62...
* TCP_NODELAY set
* Connected to test-as.sgx.trustedservices.intel.com (52.0.160.62) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS handshake, CERT verify (15):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to test-as.sgx.trustedservices.intel.com:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to test-as.sgx.trustedservices.intel.com:443
0 Kudos
24 Replies
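As an added example (not part of the original post and not Intel tooling): a small Python parser for curl -v TLS trace lines that reports where a mutual-TLS handshake stopped, run on the handshake lines from the trace above. The function names and result labels are this example's own. A drop right after the client's certificate flight is consistent with the server not accepting the client certificate, as discussed in this thread, but the trace alone does not prove the cause.

```python
import re

# curl -v TLS trace line, e.g. "* TLSv1.2 (IN), TLS handshake, Request CERT (13):"
TRACE = re.compile(r"^\*\s+TLSv[\d.]+ \((IN|OUT)\), TLS ([^,]+), .+? \((\d+)\):")
CERT_REQUEST, CERT_VERIFY, FINISHED = 13, 15, 20  # TLS 1.2 handshake type codes

def parse_trace(text):
    """Return (handshake, error): handshake is an ordered list of (direction, code)."""
    handshake, error = [], None
    for line in text.splitlines():
        m = TRACE.match(line.strip())
        if m and m.group(2) == "handshake":
            handshake.append((m.group(1), int(m.group(3))))
        elif "SSL_connect:" in line and error is None:
            error = line.split("SSL_connect:", 1)[1].split()[0]
    return handshake, error

def diagnose(text):
    """Say where the handshake stopped (labels are this example's own)."""
    handshake, error = parse_trace(text)
    if error is None:
        return "no-handshake-error"
    if not any(d == "IN" for d, _ in handshake):
        return "failed-before-server-hello"
    requested = ("IN", CERT_REQUEST) in handshake
    # Without CertificateVerify the client never proved possession of a key.
    if requested and ("OUT", CERT_VERIFY) not in handshake:
        return "cert-requested-but-client-sent-none"
    if requested and ("OUT", FINISHED) in handshake and ("IN", FINISHED) not in handshake:
        return "dropped-after-client-cert-flight"
    return "failed-elsewhere"

# Handshake lines taken from the trace in the post above.
POSTED_TRACE = """\
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS handshake, CERT verify (15):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to test-as.sgx.trustedservices.intel.com:443
"""

if __name__ == "__main__":
    print(diagnose(POSTED_TRACE))
```
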
JohnMechalas
Employee
458 Views

Goh, Nicholas wrote:

Hello John,

Unfortunately I am also facing this similar problem, are you able to help me too?

I will have the team look into your issue as well. Thank you for letting me know!

 

John

0 Kudos
Goh__Nicholas
Beginner
458 Views

John M. (Intel) wrote:

Quote:

Goh, Nicholas wrote:

 

Hello John,

Unfortunately I am also facing this similar problem, are you able to help me too?

 

 

I will have the team look into your issue as well. Thank you for letting me know!

 

John

I am doing this for a project submission so any updates would be helpful

0 Kudos
Yan__Yudao
Beginner
458 Views

John M. (Intel) wrote:

We believe we have identified the root causes for each of the issues reported in this thread. As they don't all have the same cause, we'll be reaching out to you all individually.

In addition to fixing the issues, there are some changes we can make in our own processes to help identify potential problems sooner rather than later.

Hi John,

I'm facing this issue as well. Is it due to the [common name] in the cert not matching the real host?

It would be helpful if anyone could contact me via mail.

Thanks!

0 Kudos
Dailey__Matthew
Beginner
458 Views

Hello John and all,

Now I'm having the same problem with a self-signed certificate that I registered last year and was previously working. Has something changed? I have sent mail to intelapiservicesupport. Unfortunately, I don't know precisely when my certificate stopped working.

I did notice that my certificate fails openssl verify, because I didn't set the CA:true basic constraint in the config. However, the self-signing instructions for SGX don't mention this, and as I said, my certificate was working until some time in the past. Today I get the same error previous posters got because their certificate was not deployed to the test environment: curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to test-as.sgx.trustedservices.intel.com:443

Would appreciate any help anyone can offer!

Thanks,

Matt

0 Kudos
Reply