1. Extensis products now require a direct (outbound) connection to the Internet (via https://cwsg.extensis.com; TCP Port 443; Web / Security Proxies are not supported) to initially establish product. Please ensure that the assigned Extensis Account Administrator is able to properly authenticate to the Extensis Website (https://secure.extensis.com/loginpage) and that all purchased product modules appear within the My Products section.
a. Make certain that this same email address (e.g., employee@example.com) and password are supplied to the I.T. representative assigned to the Extensis project as these credentials will be used during the product installation to verify product licensing.
2. Check in with your assigned Extensis Sales Representative, Technical Account Manager, or a member of the Extensis Technical Support Team (https://help.extensis.com/hc/en-us/requests/new) to ensure that the same (employee@example.com) email address is properly configured as the "Admin User for Product Licensing".
a. In some cases the Admin User (for Product Licensing) may be different than the assigned Account Owner / Primary Contact.
-
-
- This configuration allows for the use of a separate email address exclusively for product licensing (e.g., licensing@example.com) than the email address selected for periodic product update notifications (e.g. employee@example.com).
-
3. OpenSSL can be used to verify proper connectivity from the server instance to the Extensis Licensing Server. OSX ships with a fairly recent version of OpenSSL while pre-compiled Windows (64 bit) binaries are available via the following URL :
https://github.com/IndySockets/OpenSSL-Binaries
openssl s_client -connect <server.domain.name>:<port> -servername <server.domain.name>
OSX :
openssl s_client -connect cwsg.extensis.com:443 -servername cwsg.extensis.com |
Windows Server ( via Command Prompt ; "cd" to OpenSSL folder ) :
openssl.exe s_client -connect cwsg.extensis.com:443 -servername cwsg.extensis.com |
Example Success Output :
CONNECTED(00000006) depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA verify return:1 depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA verify return:1 depth=0 C = US, ST = Oregon, L = Portland, O = Extensis, CN = *.extensis.com verify return:1 --- Certificate chain 0 s:/C=US/ST=Oregon/L=Portland/O=Extensis/CN=*.extensis.com i:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA 1 s:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA 2 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA --- Server certificate -----BEGIN CERTIFICATE----- MIIFGTCCBAGgAwIBAgIQBG2i98PNzGTcpHyGGBtPXTANBgkqhkiG9w0BAQsFADBN MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTYxMDEzMDAwMDAwWhcN MTkxMjE3MTIwMDAwWjBdMQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREw DwYDVQQHEwhQb3J0bGFuZDERMA8GA1UEChMIRXh0ZW5zaXMxFzAVBgNVBAMMDiou ZXh0ZW5zaXMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvG/ uoopKcIfXEt0iFXik17emElX159LoRU4RO/axBmNBsGnoFPESYomdv80+SsmE2do SB61CsCEd5JCv8EyFXfTNprI+/n4GMNXqBv85fk0/24xTZM7opUx2S/Rw7/qnDvl QRv6MEENUZtJ8S+XdZOhA9iGm+KKDouc3kdoq492LP4HfGN8Jz8S8m0Yhjpwj3ti ZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAXn1Y 8MP48RQHH3hqHTOjGthENunrVndOKDZoMNRZCikYqnAF0CWFxF23yJl6EndGzw0y JPrzIsazaAj/wU/xS0b5ZSL4w7Zn7SfUifZhD/ugTaAesmYfpUHmV67LDmSL01ZF 8398Ai3PXrHOPwOoRGx+mgfMhPYo9SJwpXd1M2lSaALn0fZXiYJnmXKp2iRwuyRW SB6Z2m5u+/1yWAE3Th5AoJnd04TWhHQ+m0zv3tPTlQhN5rSWy0MzGYJV+zRQfwWE G/QLmsOS1UROUtAYSO+jFGare9481oeP1ASeAq8zZp+iNoZ5Rg0j61IcBER2S96X wZ3LLS9RXKUkpsx44Q== -----END CERTIFICATE----- subject=/C=US/ST=Oregon/L=Portland/O=Extensis/CN=*.extensis.com issuer=/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA --- No client certificate CA names sent Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 4112 bytes and written 352 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-GCM-SHA256 Session-ID: 25360E0DB636A022BE8E9E391FBF58D163C5B1562C1904F0D0292CBA025E940B Session-ID-ctx: Master-Key: E28B3BE658D7FCBCD8FC323B97E0AD4132E4BAC9A3E0D9861CF8E25E100B130BBC3D0D1DC381773F3189708A846632C7 TLS session ticket lifetime hint: 10800 (seconds) TLS session ticket: 0000 - 05 8a 9c bb 22 b6 66 88-23 c5 96 eb 5d a9 f3 2c ....".f.#...].., 0010 - e2 08 3a a0 98 e4 e5 0e-36 ef 6a 78 40 0b b5 22 ..:.....6.jx@.." 0020 - 02 0e 8f 9d c5 a5 21 a4-8f 8d e8 09 a9 10 ec 4f ......!........O 0030 - bc 57 5f b9 7c 48 35 92-1e ee 3f 5e 69 db 7f d5 .W_.|H5...?^i... 0040 - 61 a9 48 2f e2 bd b5 e9-47 ef fe 82 d1 95 e8 d1 a.H/....G....... 0050 - 18 3d ff 9c 1d 34 bd 30-c0 aa e5 a2 01 a6 f4 91 .=...4.0........ 0060 - 90 6b 51 c9 e9 2f 62 0a-ba 1d 5d 25 a4 80 b8 60 .kQ../b...]%...` 0070 - 8e 41 45 e2 4e dc 7b 97-e7 fc 78 53 e5 33 b8 22 .AE.N.{...xS.3." 0080 - 48 b7 fa 7a d7 c9 c3 a5-c0 5f b4 1f 92 f0 4b ce H..z....._....K. 0090 - 68 b5 16 2d c3 47 e7 54-28 2a ad 03 4b 26 38 0b h..-.G.T(*..K&8. 00a0 - 99 e1 17 b0 f2 8c 3d 17-d7 5d 9d 9b d1 ef e4 49 ......=..].....I
Start Time: 1571074146 Timeout : 7200 (sec) Verify return code: 0 (ok) --- |
Example Failure Output :
CONNECTED(00000006) 4630365804:error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/ssl/ssl_pkt.c:1205:SSL alert number 40 4630365804:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/ssl/ssl_pkt.c:585: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Start Time: 1565379048 Timeout : 7200 (sec) Verify return code: 0 (ok) --- |
4. If the Admin User email address is verified as properly configured for Product Licensing (Item 2) and the server does not return the correct https://cwsg.extensis.com openssl success response (Item 3), the cause must be further “upstream” – (likely a Web / Security Proxy) blocking the connection or the subsequent SSL certificate chain verification process.
- If outbound connections — originating from that server instance — are directed through a Web Security Proxy, simply enabling SSL Inspection Bypass (on the Security Proxy) may resolve connectivity issues.
- If outbound connections — originating from that server instance — are directed through a Web Security Proxy, the server instance may need to be temporarily excluded from this layer of network security until the Extensis product has been properly licensed.
5. A 30-day trial serial number can be applied to temporarily enable Extensis products until any licensing issues have been resolved.