KB Article #187800

SFTP termination in DMZ using PassPort PKI services

Problem

The following error messages appear in the Gateway logs when connecting to an SFTP server using SFTP termination in the DMZ with PassPort PKI services.


Log.dat

20240730 154419 072 NETE NSRERRClient(14) SecureRelay failed to process request (Error creating connector to /x.x.x.x:6321: com.axway.xsr.agent.security.AgentSecurityException: Security termination is not available, router agent security termination is configured to NONE)


Master.log

24-07-30 15:43:59,559 EXSRMA-mainoutcall : [Outcall:18] Received outcall reply error: Error creating connector to /x.x.x.x:6321: com.axway.xsr.agent.security.AgentSecurityException: Security termination is not available, router agent security termination is configured to NONE


Router.log

24-07-30 15:44:27,568 ERROR mainoutcall : [Outcall:21] Error creating connector to /x.x.x.x:6321: com.axway.xsr.agent.security.AgentSecurityException: Security termination is not available, router agent security termination is configured to NONE

com.axway.xsr.agent.security.AgentSecurityException: Security termination is not available, router agent security termination is configured to NONE

at com.axway.xsr.agent.router.security.RouterSecurity.terminationSecurityParameters(RouterSecurity.java:51) ~[xsrRouter.jar!/:?]

at com.axway.xsr.agent.router.context.master.outcall.OutcallContext.<init>(OutcallContext.java:137) [xsrRouter.jar!/:?]

at com.axway.xsr.agent.router.context.master.MasterAgentContext.onOutcallRequest(MasterAgentContext.java:676) [xsrRouter.jar!/:?]

at com.axway.xsr.agent.protocol.AgentProtocol.onPacket(AgentProtocol.java:138) [commons.jar!/:?]

at com.axway.niocore.communicator.protocol.packet.PacketCommunicatorProtocol.onDataAvailable(PacketCommunicatorProtocol.java:125) [commons.jar!/:?]

at com.axway.niocore.communicator.SSLCommunicator.onSelectorUpdate(SSLCommunicator.java:627) [commons.jar!/:?]

at com.axway.niocore.NIOCore.run(NIOCore.java:147) [commons.jar!/:?]

at com.axway.xsr.agent.router.RouterAgent.start(RouterAgent.java:144) [xsrRouter.jar!/:?]

at com.axway.xsr.agent.router.RouterEntryPoint.<init>(RouterEntryPoint.java:140) [xsrRouter.jar!/:?]

at com.axway.xsr.agent.router.RouterEntryPoint.main(RouterEntryPoint.java:43) [xsrRouter.jar!/:?]

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_275]

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_275]

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_275]

at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_275]

at com.axway.loader.Loader.load(Loader.java:67) [loader.jar:2.16.7-1-1]

at com.axway.xsr.loader.SRAgentLoader.main(SRAgentLoader.java:7) [loader.jar:2.16.7-1-1]


Resolution

On the Secure Relay Router Agent side:

  • Stop Secure Relay
  • In */SecureRelayRA/conf, back up the file configuration.xml
  • Edit configuration.xml and replace the line “<PKIServerType>None</PKIServerType>” with:

[…]

<PKIServerType>General</PKIServerType>

[…]

  • Restart the product
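
The backup and edit steps above can be scripted so that the change is repeatable and the original file is always preserved. The following is an added example, not Axway's own tooling: the function name set_pki_general and the backup naming are assumptions, and stopping and restarting Secure Relay are left to the product's own procedure.

```shell
#!/bin/sh
# Added example (not from the KB article): back up configuration.xml and
# switch PKIServerType from None to General. Run while Secure Relay is stopped.

# set_pki_general CONF_FILE  (hypothetical helper name)
# Returns 0 if the file was updated or is already set to General.
set_pki_general() {
    conf="$1"
    old='<PKIServerType>None</PKIServerType>'
    new='<PKIServerType>General</PKIServerType>'

    [ -f "$conf" ] || { echo "not found: $conf" >&2; return 2; }

    # Already fixed: change nothing and create no extra backup.
    if grep -qF "$new" "$conf"; then
        echo "already General: $conf"
        return 0
    fi
    # Refuse to guess if the expected line is absent.
    if ! grep -qF "$old" "$conf"; then
        echo "no PKIServerType None line in $conf; edit by hand" >&2
        return 3
    fi

    # Timestamped backup next to the original, mode and times preserved.
    backup="$conf.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$conf" "$backup" || return 4

    # Edit into a temp file first so a failed edit never truncates the live config.
    tmp="$conf.tmp.$$"
    sed "s|$old|$new|" "$conf" > "$tmp" || { rm -f "$tmp"; return 5; }
    grep -qF "$new" "$tmp" || { rm -f "$tmp"; return 5; }

    # Overwrite in place so the file keeps its owner and permissions.
    cat "$tmp" > "$conf" || { rm -f "$tmp"; return 6; }
    rm -f "$tmp"
    echo "updated $conf (backup: $backup)"
}
```

Source the script and call set_pki_general with the path to configuration.xml under */SecureRelayRA/conf; the timestamped backup is the rollback copy if the Router Agent does not start after the change.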


On the Gateway side:

  • In the remote site, make sure that “Transport security in SecureRelay for outgoing connection” is checked in the SFTP tab.
  • In the SSH profile of type CLIENT, make sure that you have selected the correct algorithms, in line with the SFTP termination in DMZ, and in the “Passport PS” tab specify the PassPort entity so that Secure Relay RA termination is set up properly.