Home/Support/Support Forum/AnywhereUSB Encryption not working
Welcome to Digi Forum, where you can ask questions and receive answers from other members of the community.

AnywhereUSB Encryption not working

0 votes
Dear All
My new Anywhere USB 2 is working fine so far (without encryption) but as soon as I try to use the encryption, a connection cannot be established.
The configuration utility always shows me the following message:
Host PC Connection Status: Connecting to this Host PC...

As soon as I disable encryption, everything works as expected.

I followed all the steps in the chapter "Configure AnywhereUSB encryption" and did not encounter any problems with that, nevertheless it is not working for me.

I also cannot find any hint how to troubleshoot the issue, there are no logs available to check.

Would be great if someone could help me out.
Marc


Boot Code: 1.9.0986
Firmware: 1.84.1762
Hardware: Rev A - G2
asked Sep 5, 2016 in USB Serial by mlueckert New to the Community (0 points)

Please log in or register to answer this question.

1 Answer

0 votes
Make sure the driver is the latest from the Digi web site.

The following instructions are what I used to get this working:

The digital certificate must be signed by a Trusted Certificate Authority (CA). Since an AnywhereUSB is not publicly accessible, an enterprise CA can self-sign the digital certificate.
Use OpenSSL tools to generate a CA certificate and then use it to sign device certificates.

1. Download the OpenSSL command line app from openssl.org.

2. Create a CA certificate (cacert.crt) and its private 2048-bit RSA key (cakey.pem) and store cakey.pem in a safe place.

openssl req -nodes -new -newkey rsa:2048 -x509 -extensions v3_ca -keyout cakey.pem -out cacert.crt -days 3650 -subj "[your email information]"

Use the following email information string as an example:

/C=US/ST=MN/L=Townname/O=Companyname/ OU=Department/emailAddress=email@company.com/

Note: You will install cacert.crt on your host computer in a following step.

3. Generate a private 2048-bit RSA key for the server and store server.key in a safe place.

openssl genrsa -out server.key 2048

4. Generate a Certificate Signing Request file server.csr.

For example:

openssl req -new -key server.key -out server.csr -subj "[your email information]"

5. With server.csr, generate the actual certificate (server.crt).

openssl x509 -req -days 3650 -CA cacert.crt -CAkey cakey.pem -set_serial 001 -in server.csr -out server.crt

6. Now validate the certificates to each other. If this command is successful, the server.crt: OK message appears. If this command fails, an error message appears (the private CA key is not used in this step).

openssl verify -CAfile cacert.crt server.crt

7. After successfully completing certificate validation in the previous step, concatenate server.crt and server.key to create server.pem.

copy server.crt server.pem
type server.key >> server.pem

Install the CA certificate on the AnywhereUSB device.

1. Open the AnywhereUSB web UI with a web browser.

2. Select Administration > X.509 Certificate/Key Management.

3. Click Secure Sockets Layer (SSL)/Transport Layer Security (TLS) Certificates.

4. Click Identity Certificates and Keys.

5. Click the Choose File and browse to of server.pem file.

6. Click Upload.

Enable the Encrypted AnywhereUSB network service

1. Open the AnywhereUSB web UI with a web browser.

2. Select Configuration > Network.

3. Click Network Services Settings.

4. Select the Enable Encrypted AnywhereUSB check box.

5. Clear the Enable AnywhereUSB check box, if it is selected.

6. Click Apply.

Install the CA certificate on the host computer

1. Open the AnywhereUSB Remote Hub Configuration Utility.

2. Select your AnywhereUSB device.

3. Click Configure.

4. Select the Encrypt Connection check box.

Note: “Tunnel connections” is automatically selected when you select Encrypt connection.

5. Browse to or type the path of the CA certificate (cacert.crt) in the Digital Certificate field.

6. Click Update.
answered Sep 8, 2016 by userid0 Veteran of the Digi Community (2,158 points)
Thank you very much for the instructions. What I can see these are exactly the same as I have used.
I followed all the steps. The uploaded certificate is shown in the WebUI and "Matching Key" shows "Matching key found".
So for me everything looks ok but I am unable to connect.
...