Applies To:
All versions of TPP
Summary:
When trying to validate Entrust.Net CA template, it throws unable to connect to remote server error.
Cause:
There can be two problems here. One is you actually cannot connect to the respective CA API through TPP server with the credentials. The other thing is you have allowed connection to go via proxy but have not set one in Venafi to use. Most of the time its the issue with proxy setting.
Resolution:
Few troubleshooting checks that you can perform:
1. Check the CA credentials that you are using in Venafi to authenticate are correct and valid
2. Check what proxy is set on Venafi platform.
If its set to use windows configured proxy, then confirm what proxy is set on that windows server with command: netsh winhttp show proxy
3. Check the API connection through a browser from TPP server, if that works
Set same proxy as Venafi and import the API cert on the browser and run below URL. It will ask Entrust API user credentials during authentication
For 19.4 and above the URL is https://api.entrust.net/enterprise/v2/inventories
For 19.3 and below the URL is https://ws-managed.entrust.net/ws/cms.cfc?wsdl
Other Troubleshooting:
In case Windows configured proxy set on Venafi, customer can apply them differently. Some would apply WinHTTP proxy on the server itself, while some leverage the use of WinINET library by setting on IE.
WinINET can be set per machine or per user basis. Here is a doc describing different types of proxies and how to set them https://securelink.net/en-be/insights/windows-proxy-settings-explained/
Comments