Failed to Get the Application Certificates

This error message appears in the Nymi Band Application. The Nymi Band Application manages certificates to secure communications between the Nymi Band and the BLE adapter. When this error appears, the Nymi Band Application cannot retrieve certificates.

Cause 1

The Nymi Band Application Terminal cannot communicate with the NES server.

Resolution 1

Review the knowledge base for information about troubleshooting connectivity issues between the enrollment terminal and the NES server.

After you resolve the cause of the issue, log into the Nymi Band Application again. Certificate retrieval occurs automatically.

Cause 2

The L2 certificate or the TLS certificate has expired.

Resolution 2

Replace the expired certificates.
Note: Resolving Certificate issues provides more information about replacing expired certificates.

After you replace the expired certificate on NES, log into the Nymi Band Application again. Certificate retrieval occurs automatically.

The following errors appear in the nymi_api.log file:

    {"operation":"init","exchange":"41","status":2201,"payload":{},"error":{"error_description":"The requested query was not found on the NES server.","error_specifics":""}}
    INFO - Acquiring lock on the update queue sender
    INFO - Lock acquired on the update queue sender
    DEBUG - client connection error: connection error: An existing connection was forcibly closed by the remote host. (os error 10054)

If an administrator connects to the NES Administrator Console from a web browser, the connection is not secure.

Cause 3

The TLS certificate was created, but the Subject Alternative Name does not contain the required FQDN entries for NES.

The following errors appear in the nymi_api.log file:

    {"operation":"init","exchange":"41","status":2201,"payload":{},"error":{"error_description":"The requested query was not found on the NES server.","error_specifics":""}}
    INFO - Acquiring lock on the update queue sender
    INFO - Lock acquired on the update queue sender
    DEBUG - client connection error: connection error: An existing connection was forcibly closed by the remote host. (os error 10054)

Additionally, if an administrator connects to the NES Administrator Console from a web browser, the connection is not secure.

To determine the Subject Alternative Name(s) that are defined for the TLS certificate, view the properties of the TLS certificate:

  1. From a web browser, connect to the NES Administrator Console. A message appears that indicates that the connection is not secure, and the address bar displays an unlock symbol beside the URL, as shown in the following figure.
  2. Select the unlock symbol on the address bar, and from the menu that appears, select the option to display information about the certificate. The following figure provides an example of the menu options that can appear and the option to select.
  3. On the Details tab, scroll down and select the entry for Subject Alternative Name. The following figure provides an example where the FQDN of the server does not explicitly appear and the TLS certificate is a wildcard certificate.

Resolution 3

Obtain a TLS certificate that defines the FQDN for NES in the Subject Alternative Name attribute, and then import the TLS certificate in IIS. If the NES server is in a highly available configuration that uses a load balancer, include the FQDNs for the virtual server and all the physical servers. The Nymi Connected Worker Platform—Deployment Guide provides more information.
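
The checks that Cause 2 and Cause 3 call for, as an added example (not part of the Nymi documentation or product): given a certificate in the dictionary form that Python's ssl.SSLSocket.getpeercert() returns, it reports whether the certificate has expired and whether each required FQDN appears explicitly in the Subject Alternative Name, is covered only by a wildcard entry, or is missing. The host names and dates are constructed sample values, and the function names are hypothetical.

```python
import ssl
import time

def san_dns_names(cert):
    """Lower-cased dNSName entries from a dict shaped like getpeercert() output."""
    return [v.lower().rstrip(".") for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def wildcard_covers(pattern, fqdn):
    """True if '*.example' style pattern covers fqdn (wildcard = exactly one left-most label)."""
    if not pattern.startswith("*."):
        return False
    head, _, tail = fqdn.partition(".")
    return bool(head) and tail == pattern[2:]

def check_nes_certificate(cert, required_fqdns, now=None):
    """Report expiry (Cause 2) and per-FQDN SAN coverage (Cause 3)."""
    now = time.time() if now is None else now
    names = san_dns_names(cert)
    report = {"expired": ssl.cert_time_to_seconds(cert["notAfter"]) < now, "fqdns": {}}
    for fqdn in required_fqdns:
        f = fqdn.lower().rstrip(".")
        if f in names:
            status = "explicit"
        elif any(wildcard_covers(n, f) for n in names):
            # Reported separately: the article's example is a wildcard certificate
            # in which the server FQDN does not explicitly appear.
            status = "wildcard-only"
        else:
            status = "missing"
        report["fqdns"][fqdn] = status
    return report

# Constructed sample: a load-balanced deployment with one virtual server name
# and two physical servers (all names are placeholders).
SAMPLE_CERT = {
    "notAfter": "Jan  1 00:00:00 2030 GMT",
    "subjectAltName": (("DNS", "*.corp.example"), ("DNS", "nes-vip.corp.example")),
}
REQUIRED = ["nes-vip.corp.example", "nes01.corp.example", "nes02.lab.corp.example"]

if __name__ == "__main__":
    result = check_nes_certificate(SAMPLE_CERT, REQUIRED)
    print("expired:", result["expired"])
    for name, status in result["fqdns"].items():
        print(f"{status:14} {name}")
```

Any FQDN reported as wildcard-only or missing is a candidate for the replacement certificate's Subject Alternative Name list.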
