TLS or certificate error on activating (TA_E_INET_TLS / TF_E_INET_TLS)Solved

Use the latest TFS and follow the error code (ensure the system is up-to-date -- actually update the system! -- with the latest CACerts if they're on Unix).

Hi Wyatt,

Updated the libraries to 4.3.0.Trying to install on a Win 10 Enterprise.System is up-to-date.

Still getting this error.

2020-04-07, 11:27:32 <error>: Error code 0x3. Contact support or your system administrator.2020-04-07, 11:27:33 <error>: Failed to activate.2020-04-07, 11:27:33 <error>: The secure connection to the activation servers failed due to a TLS or certificate error. This is most often caused by MITM (man-in-the-middle) attempts on corporate networks or, if on Unix operating systems (macOS, Linux, BSD, etc.), it's caused by out-of-date or missing "CA certificates". This means either keeping your system itself up-to-date, or manually updating the CA certs. More debugging information: https://wyday.com/limelm/help/faq/#internet-error

Thanks!

>> "Win 10 Enterprise."

That's not enough information. Open a command window (cmd.exe) and copy the full version number. Windows 10 has about a dozen "major" versions now (and half of them are unsupported by MS).

You should provide a version like so: "Microsoft Windows [Version 10.0.18363.752]"

Next, the error is telling you what is likely happening: MITM a connection. (Google what "MITM" means in the corporate context).

Are you on your own network? Your customer's network? Are you / they MITM connections? Proxying? Etc.? Have you / they tried wyday.com in their browser? What cert are they getting? Is it corporate garbage or is it our cert?

So, start by providing more information. The error code is a start, but use that error to dig into the actual cause.

My guess is that because the customer is on Windows 10 enterprise they're on a corporate device and TFS is telling you exactly what is wrong and how to fix it (namely, MITM -- don't do it, or do it correctly).

Hi Wyatt,

Thanks for the response.

We were able to get it working. We tried wyday.com on the browser and got an internal cert issued by them.They have fixed it.

Another query:The customer's server runs with restricted internet.To allow for connections to be made with wyday, we recommended them to whitelist wyday on their servers.

Is there anything else that we need to do to allow connectivity with wyday servers?

Nope, there shouldn't be anything else needed. Whitelist https://wyday.com and don't attempt to MITM in any way (of if they do, do it correctly).

optitex wrote:> Hi Wyatt,> > Thanks for the response.> > We were able to get it working. We tried wyday.com on the browser and got> an internal cert issued by them.> They have fixed it.

One of our customers gets the same error, i.e., error 36 or TA_E_INET_TLS. We use V4.3 on Windows. Try wyday.com on the browser and got the following cert. Then what should they do next?Issued to: wyday.comIssued by SSL-SGI-GUSSE2Valid from 5/25/2018 to 7/24/2020.

We use TurboActivate.

Same deal. That certificate is not issued by us. Hence, the TLS error.

So, tell the customer to stop MITM connections. Or if they do it, then do it correctly.