Tunnel: SSLClient: Handshake with AWCM/API returns -1 | SSL_ERROR_SYSCALL errno=110


AirWatch Tunnel App (iOS) errors out with “Could not connect to server. Please check internet connectivity” 



Tunnel Logs show the following error:

      2016-02-18 09:24:59.215 139999697164032 DEBUG: SSLClient: Handshake with AWCM/API returns -1

      2016-02-18 09:24:59.215 139999697164032 ERROR: SSLClient: Handshake with AWCM/API returns error SSL_ERROR_SYSCALL errno=110 (Connection timed out)


Next Steps:

In this case, first check if AWCM/API is installed with the full chain of the certificate. This can be validated by running “openssl s_client –connect https://<AWCM_URL:PORT>/awcm/status –showcerts”. If this is not the case, AWCM should be reinstalled using your public certificate in .pfx format including the full certificate chain. 

Next in the Console, check the Site URLs:

  • Verify the REST API URL points to a server that has a publicly trusted SSL certificate. 
  • If the URL does not have a valid certificate, use the steps below to update the Tunnel to point to a trusted API endpoint
  • If this resolves your issue,  the best resolution is to change your site URL to a server with a valid certificate (typically your Device Services server).  **NOTE: this could affect other components you have installed. If you are unsure about this, please contact AirWatch support for further assistance **



If you are unable to change your site URLs, please use the following steps to point the AirWatch Tunnel server to the a trusted API endpoint:

 On the Tunnel Relay server, navigate to VPN’s server.conf file. You can do this by running this command “vi /opt/airwatch/tunnel/vpnd/server.conf” r3.png


Navigate to API URL 



Change the API URL to point to the Device Services server’s DNS 


Restart the Tunnel Service

Have more questions? Submit a request


Article is closed for comments.