I would like to secure SOAP communication with TLS.
I have enabled Server certificate encryption in the Milestone Server Configurator, and when I make a GET request to
http://redacted:7563/RecorderCommandService/RecorderCommandService.asmx?wsdl
I get a 200 OK response. When I make a HTTPS request, it doesn’t work. So I assume I should enable “Streaming media certificate encryption”, even though I am not streaming videos when issuing that GET request or the SOAP requests that I want this TLS for.
After I enabled Streaming media certificate encryption, the above request no longer works, and it makes sense. I just enabled HTTPS, so I should be sending HTTPS requests instead. However, after changing http to https in the URL, the request still fails. Unlike with http, which was getting ERR_CONNECTION_RESET, https is getting ERR_SSL_PROTOCOL_ERROR. I am issuing that GET request from the same machine, so the certificate is trusted.
I have used the same certificate for Streaming media certificate encryption, that was already being used for Server certificate encryption, and there was no apparent trouble in communication between Management Server and Recording Server, which are on different machines. So I assume that the certificate is fine. I have checked it anyway and its SAN has the IP of the machine that I am trying to make the request to.
When I curl the recording server from another machine I get the following
curl https://redacted:7563/recordercommandservice/recordercommandservice.asmx
curl: (35) OpenSSL/3.0.11: error:0A000438:SSL routines::tlsv1 alert internal error
Additionally management server can no longer see video previews in the Site Navigation > Server > Recording Servers section.
I am using Milestone XProtect Recording Server 23.3.a build 58.
What could be wrong? Can I see any related details in some specific log file?
Thanks