Mindbreeze Integration Certificate errors by Microsoft KB-Update 2016

Last update: 4 August 2017

Mindbreeze Integration Certificate errors by Microsoft KB-Update 2016

Information

Fabasoft Support figured out that a Microsoft Update from January or February 2016 causes Mindbreeze Integration stop to work with the following certificate error:

A problem occured somewhere in the SSL/TLS handshake. You really want the error buffer and read the message there as it pinpoints the problem slightly more. Could be certificates (file formats, paths, permissions), passwords, and others. CURLcode: CURLE_SSL_CONNECT_ERROR)".

Fabasoft Folio customers are only affected in the following situation:

  • The self-signed certificates created by the Fabasoft Folio Mindbreeze Integration, that only should be used for the period of installing the own CA-signed certificates, are still used for the authentication of Fabasoft Folio to Mindbreeze Enterprise.

Your environement is NOT affected if you already have created certificates with your own CA.

The configuration file for OpenSSL used to generate the self-signed certificates has used the MD5 key algorithm, that is meanwhile known to be unsecure. Currently we assume that one of the Microsoft updates from January or February 2016 Security Advisory disables the usage of MD5-secured certificates. New Fabasoft Folio releases already use an OpenSSL configuration file that creates SHA256-secured certificates.

Solution

If the MD5 algorithm was used in your certificates, it is recommended to change the certificates before you install Microsoft updates from January or February 2016. Otherwise the above error could occur and fulltext search out of Folio will not work anymore.

  • Fabasoft recommends to use the own Public Key Infrastructure to create a key pair that should be used in Fabasoft Folio for Mindbreeze authentication.
  • If this is not possible, it is recommended to create new self-signed certificates with the more secure algorithm sha256.

Please follow the steps in these articles:

 

If you need help rolling out new certificates, please contact Fabasoft Support.