Troubleshoot Connectivity

From regify WIKI
Revision as of 14:56, 7 December 2015 by Regify (talk | contribs) (Created page with "The information on this page belongs to the following regify products: * regify client (Windows, MacOS, Linux) * regibox manager (Windows, MacOS, Linux) * regibill desktop * r...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

The information on this page belongs to the following regify products:

  • regify client (Windows, MacOS, Linux)
  • regibox manager (Windows, MacOS, Linux)
  • regibill desktop
  • regipay desktop
  • regimail desktop


General connectivity information

What ports is regify using?

In order to allow regify to work, you need to allow regify to access the Internet on TCP/IP ports 443 and 80.

What domains do I need to white-list for regify usage?

This only applies if you are using a proxy-server that blocks Internet access to all sites that are not white-listed. In general, using regify behind such a restricted proxy is not very comfortable. This is because

  1. The networked regify system is a multi-provider system with many regify providers behind several Internet domains. Thus, the domains to white-list may vary.
  2. The regify providers Internet domains are secured by SSL and the regify client software is checking the SSL certificates for security reasons. Thus, the Certificate Revocation Lists (CRL) of the SSL certificates need to be white-listed, too. Some better proxy servers are able to white-list CRL domains automatically or already white-listed common CRL domains by default.
  3. During initial configuration, the regify client uses the regify Provider Lookup Service (PLS) and also connects to some regify domains to check for updates. Thus, you also need to white-list *.regify.com and the corresponding CRL domains.

Follow these steps to get all needed domains to white-list:

  • In general, regify needs access to all *.regify.com domains. This is for using the PLS (Provider Lookup Service) and for automatic updates etc.
  • In addition, you need to white-list the domains of your regify provider. These domains depend on the regify provider your regify account is registered at.
  • In addition, if your proxy does not resolve automatically, you need to white-list the domains of the certificate revocation lists (CRL) used in the affected certificates. For the *.regify.com certificates, this are
    http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl and
    http://crl.comodoca.com/COMODORSACertificationAuthority.crl.
  • It is very likely that you also have to add the CRL of the regify provider you are connecting to. In most cases, you are able to get the domains from the certificate information you can get from your web-browser.
  • For regibox usage, you also need to white-list all domains of regify providers that are hosting a box your users are members of. If a user A of your regular provider A becomes a member of a regibox created by user B of provider B, your user A also needs access to the provider B domains. You also might need to add the CRL's of them, too (see above).

What proxy types are supported?

For authentication, the regify client supports the following authentication schemes: AUTH_BASIC, AUTH_DIGEST and AUTH_NTLM.

For automated proxy settings, the regify software is also supporting PAC files (Proxy Auto Configuration).

Please always test with the most recent regify client version!

General connectivity issues

I'm having connection problems

Common problems are:

  • Error 58 -> No Internet connection. Check if you are connected to the Internet and if your operating system is up to date.
  • Error 59 -> Most probably you need to enter a proxy server or your proxy server credentials are invalid.

It may help you to activate the debug log (described on the product trouble-shoot page). The CURL entries are giving more information about reasons.

If you find SEC_E_INVALID_TOKEN together with Error 59 in the debug logfiles - and being on a Windows 8 or 8.1 system - there might be a problem with the certificate chain of the regify provider. We found two cases regarding the certificate (chain):

  1. The domain certificate was signed using SHA1. Modern Windows does no longer accept SHA1 domain signatures. As a regify provider, please ask your certificate issuer to renew your certificate by using SHA256.
  2. The root CA certificate of the chain was signed with less than 2048 bits. Modern Windows and Mozilla does no longer accept root CA's with less than 2048 bits. Try to import the certificates without the root certificate to let the regify appliance choose the root CA. If you can't get it to work, as a regify provider, please ask your certificate issuer for support.

As a customer, please ask the support of your regify provider to update the certificates.