AnywhereUSB Encryption not working

USB Edgeport
, ,
1

Dear All
My new Anywhere USB 2 is working fine so far (without encryption) but as soon as I try to use the encryption, a connection cannot be established.
The configuration utility always shows me the following message:
Host PC Connection Status: Connecting to this Host PC…

As soon as I disable encryption, everything works as expected.

I followed all the steps in the chapter “Configure AnywhereUSB encryption” and did not encounter any problems with that, nevertheless it is not working for me.

I also cannot find any hint how to troubleshoot the issue, there are no logs available to check.

Would be great if someone could help me out.
Marc

Boot Code: 1.9.0986
Firmware: 1.84.1762
Hardware: Rev A - G2

2

Make sure the driver is the latest from the Digi web site.

The following instructions are what I used to get this working:

The digital certificate must be signed by a Trusted Certificate Authority (CA). Since an AnywhereUSB is not publicly accessible, an enterprise CA can self-sign the digital certificate.
Use OpenSSL tools to generate a CA certificate and then use it to sign device certificates.

  1. Download the OpenSSL command line app from openssl.org.

  2. Create a CA certificate (cacert.crt) and its private 2048-bit RSA key (cakey.pem) and store cakey.pem in a safe place.

openssl req -nodes -new -newkey rsa:2048 -x509 -extensions v3_ca -keyout cakey.pem -out cacert.crt -days 3650 -subj “[your email information]”

Use the following email information string as an example:

/C=US/ST=MN/L=Townname/O=Companyname/ OU=Department/emailAddress=email@company.com/

Note: You will install cacert.crt on your host computer in a following step.

  1. Generate a private 2048-bit RSA key for the server and store server.key in a safe place.

openssl genrsa -out server.key 2048

  1. Generate a Certificate Signing Request file server.csr.

For example:

openssl req -new -key server.key -out server.csr -subj “[your email information]”

  1. With server.csr, generate the actual certificate (server.crt).

openssl x509 -req -days 3650 -CA cacert.crt -CAkey cakey.pem -set_serial 001 -in server.csr -out server.crt

  1. Now validate the certificates to each other. If this command is successful, the server.crt: OK message appears. If this command fails, an error message appears (the private CA key is not used in this step).

openssl verify -CAfile cacert.crt server.crt

  1. After successfully completing certificate validation in the previous step, concatenate server.crt and server.key to create server.pem.

copy server.crt server.pem
type server.key >> server.pem

Install the CA certificate on the AnywhereUSB device.

  1. Open the AnywhereUSB web UI with a web browser.

  2. Select Administration > X.509 Certificate/Key Management.

  3. Click Secure Sockets Layer (SSL)/Transport Layer Security (TLS) Certificates.

  4. Click Identity Certificates and Keys.

  5. Click the Choose File and browse to of server.pem file.

  6. Click Upload.

Enable the Encrypted AnywhereUSB network service

  1. Open the AnywhereUSB web UI with a web browser.

  2. Select Configuration > Network.

  3. Click Network Services Settings.

  4. Select the Enable Encrypted AnywhereUSB check box.

  5. Clear the Enable AnywhereUSB check box, if it is selected.

  6. Click Apply.

Install the CA certificate on the host computer

  1. Open the AnywhereUSB Remote Hub Configuration Utility.

  2. Select your AnywhereUSB device.

  3. Click Configure.

  4. Select the Encrypt Connection check box.

Note: “Tunnel connections” is automatically selected when you select Encrypt connection.

  1. Browse to or type the path of the CA certificate (cacert.crt) in the Digital Certificate field.

  2. Click Update.

3

Thank you very much for the instructions. What I can see these are exactly the same as I have used.
I followed all the steps. The uploaded certificate is shown in the WebUI and “Matching Key” shows “Matching key found”.
So for me everything looks ok but I am unable to connect.

4

I have this problem too. I found, that if i deselect “Tunnel connections”, and reenable AnywhereUSB check box, i can connect, but if i follow steps according to instruction, i can’t connect to my hub.

Boot Code: 1.09.10.6
POST Version: 1.09.9.39
Firmware: 2.02.23.23
Hardware: Rev A - G2
Software: 3.99.350

5

I am still having this problem. Any ideas?

awusbd[2085]: Error in SSL_accept, error:14094418:lib(20):func(148):reason(1048)

I’ve tried replacing my SSL cert with a new one (didn’t help). I tried reverting back to the built-in self-signed cert (did not actually do anything, still using my cert). I tried disabling encryption (did not actually do anything, still using encryption). Nothing is working.

Firmware Version 20.8.22.32
Model AnywhereUSB 24 Plus
Bootloader Version 0x20200505