[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-08-18。"],[],[],null,["# Troubleshoot interoperability testing\n\nUse these instructions to troubleshoot issues with interoperability testing\nbetween Spectrum Access System (SAS) and a Citizens Broadband Radio Service Device (CBSD).\n\nTo troubleshoot issues with the Google SAS Portal, see\n[Troubleshoot SAS issues](/spectrum-access-system/docs/troubleshooting).\n\nCertificate issues when testing\n-------------------------------\n\nYou might see the following certificate issues when you test the interoperability\nbetween SAS and a CBSD:\n\n- **SSL certificate problem when connecting with the provided CBSD or Domain\n Proxy (DP) certificate.**\n\n Make sure that you have the Google Testing Certificate Authority (CA) listed as a root\n of trust in your device. If that's not the case, send an email to\n [SAS Support](/spectrum-access-system/docs/getting-support) to\n get a copy.\n- **A `please-use-sni.invalid` error in the SAS certificate.**\n\n A device connecting to the SAS Portal without Server Name\n Indication (SNI) sees a server certificate for the domain name `please-use-\n sni.invalid`. Proper implementation of Transport Layer Security (TLS) requires\n that the CBSD advertises the target hostname, such as\n `www.google-sas.com`, through the [TLS SNI extension](https://https.cio.gov/sni/).\n- **Modify the test certificates provided by Google before using SAS.**\n\n You do not need to modify the test certificates because SAS verifies\n that a client sends the entire certificate chain. This chain is formed through the\n file concatenation of the CBSD's leaf certificate file and the\n corresponding intermediate CA file. The certificates that you receive from Google\n for testing purposes have the full chain already included.\n- **Include the intermediate CA file when testing SAS.**\n\n Although SAS verifies that a client sends the entire\n certificate chain, no extra work is required when testing with Google\n SAS. This is because the certificates that you receive from Google\n for testing purposes have the full chain already included.\n- **Problems when trying to connect to the SAS Portal.**\n\n To bypass checking the SAS certificate, use the `k` flag with\n the `curl` command, as follows: \n\n ```\n curl -v -k -H \"Host: www.google-sas.com\" -H \"content-type: application/json\" -\n -cert /path/to/cert/file.cert --key /path/to/key/file.key -X POST\n https://www.google-sas.com/vendor/v1.2/registration --data\n @/path/to/example/registration_req.json\n ```\n\n \u003cbr /\u003e\n\n | **Important:** Use the `-k` flag only for testing purposes because it's not secure.\n\n If the connection is established:\n - Verify that you have the Google testing CA [listed as a root of trust](#root-problem).\n - Make sure that you use Server Name Indication (SNI).\n\n If no connection is established, then there might be a network issue that prevents\n your request from going through. If you see an HTTP status code `403` error, there is a\n problem with the certificates that the device provides to the SAS.\n- **Get CBSD or DP certificates for use with the test SAS environment.**\n\n Google provides testing certificates as part of your onboarding process. These\n certificates contain everything that you need to get started. The test\n SAS environment also accepts official certificates issued by\n [WInnForum-approved CBRS CA operators](https://cbrs.wirelessinnovation.org/cbrs-root-ca-operators).\n- **Get CBSD or DP certificates for use with SAS.**\n\n SAS supports CBSD and DP certificates\n from any of the WInnForum-approved CA operators.\n If you're connecting to a test instance, you need testing certificates.\n\nCBSD certificate errors when testing with SAS\n---------------------------------------------\n\nYou might see the following errors when you are testing with SAS:\n\n- **SSL certificate problem.**\n\n You receive an SSL certificate error when you try to connect to\n `https://test.sas.goog` from your CBSD or DP. Make sure that\n you have the testing CA provided by Google SAS Support listed\n as a root of trust in your CBSD or DP. If you don't already\n have it, contact [SAS Support](/spectrum-access-%20system/docs/getting-support)\n to get a copy.\n- **Debug SAS certificate issues.**\n\n | **Important:** Use the `-k` flag only for testing purposes because it's not secure.\n\n To bypass inspection of the SAS certificate in the\n SAS test environment, use the `-k` flag with the `curl`\n command as follows: \n\n ```\n curl -v -k -H \"Host: test.sas.goog\" -H \"content-type: application/json\" --cert\n /path/to/cert/file.cert --key /path/to/key/file.key -X POST\n https://test.sas.goog/v1.2/registration --data\n @/path/to/example/registration_req.json\n ```\n\n \u003cbr /\u003e\n\n If the connection is established, verify that the Google testing CA is\n [listed as a root of trust](#root-problem).\n\n If no connection is established, then there is a network issue that prevents\n your request from going through. If you get an HTTP status code `403` error,\n then there is a problem with the CBSD or DP certificate that the\n device provides to SAS."]]
