Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1488 Discussions

test-as.sgx.trustedservices.intel.com reject the TLS connection

Mon__Eddie
Beginner
3,620 Views

I just received the access confirmation for test-as.sgx.trutedservices.intel.com  but when I try to test it by:

"curl -v --tlsv1.2 --key ./testCertKey.pem --cert ./testCert.pem https://test-as.sgx.trustedservices.intel.com:443/attestation/sgx/v2/sigrl/0000ae0 "

The IAS will terminal the TCP connection upon the client has sent "Certificate, Client Key Exchange, Certificate Verify, Change Cipher Spec, Encrypted Handshake Message"  handshake messages.  Curl doesn't even get a chance to send in the "Get" request to IAS for processing.   I have check that both the private key and the cert are correct and the cert is the same one I included in the access request for the test environment.   It seems like my cert is not trusted by test-as.sgx.trustedservices.intel.com. 

 

My question is, do I have to wait a few days before the registration kick into effect? If not then where do I go for support?

 

Thanks,

Eddie.

 curl --verbos --tlsv1.2 --key ./dev_builds2/testCertKey.pem --cert ./testCert.pem https://test-as.sgx.trustedservices.intel.com:443/attestation/sgx/v2/sigrl/0000ae0 -v
*   Trying 52.0.160.62...
* TCP_NODELAY set
* Connected to test-as.sgx.trustedservices.intel.com (52.0.160.62) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS handshake, CERT verify (15):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to test-as.sgx.trustedservices.intel.com:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to test-as.sgx.trustedservices.intel.com:443
0 Kudos
24 Replies
JohnMechalas
Employee
686 Views

Goh, Nicholas wrote:

Hello John,

Unfortunately I am also facing this similar problem, are you able to help me too?

I will have the team look into your issue as well. Thank you for letting me know!

 

John

0 Kudos
Goh__Nicholas
Beginner
686 Views

John M. (Intel) wrote:

Quote:

Goh, Nicholas wrote:

 

Hello John,

Unfortunately I am also facing this similar problem, are you able to help me too?

 

 

I will have the team look into your issue as well. Thank you for letting me know!

 

John

I am doing this for a project submission so any updates would be helpful

0 Kudos
Yan__Yudao
Beginner
686 Views

John M. (Intel) (Intel) wrote:

We believe we have identified the root causes for each of the issues reported in this thread. As they don't all have the same cause, we'll be reaching out to you all individually.

In addition to fixing the issues, there are some changes we can make in our own processes to help identify potential problems sooner rather than later.

Hi Jogn,

I'm facing this issue as well. Is it due to the [common name] in cert mismatch the real host?

It will be helpful if any one can contact to me via mail.

Thanks!

0 Kudos
Dailey__Matthew
Beginner
686 Views

Hello John and all,

Now I'm having the same problem with a self-signed certificate that I registered last year and was previously working. Has something changed? I have sent mail to intelapiservicesupport. Unfortunately, I don't know precisely when my certificate stopped working.

I did notice that my certificate fails openssl verify, because I didn't set the CA:true basic constraint in the config. However, the self-signing instructions for SGX don't mention this, and as I said, my certificate was working until some time in the past. Today I get the same error previous posters got because their certificate was not deployed to the test environment: curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to test-as.sgx.trustedservices.intel.com:443

Would appreciate any help anyone can offer!

Thanks,

Matt

0 Kudos
Reply