May 2020
M T W T F S S
« Mar    
 123
45678910
11121314151617
18192021222324
25262728293031

Categories

WordPress Quotes

History is a relentless master. It has no present, only the past rushing into the future. To try to hold fast is to be swept aside.
John F. Kennedy
May 2020
M T W T F S S
« Mar    
 123
45678910
11121314151617
18192021222324
25262728293031

Short Cuts

2012 SERVER (64)
2016 windows (9)
AIX (13)
Amazon (40)
Ansibile (19)
Apache (135)
Asterisk (2)
cassandra (2)
Centos (211)
Centos RHEL 7 (270)
centos8 (3)
chef (3)
cloud (2)
cluster (3)
Coherence (1)
DB2 (5)
DISK (25)
DNS (9)
Docker (30)
Eassy (11)
ELKS (1)
EXCHANGE (3)
Fedora (6)
ftp (5)
GIT (3)
GOD (2)
Grub (1)
Hacking (10)
Hadoop (6)
health (2)
horoscope (23)
Hyper-V (10)
IIS (15)
IPTABLES (15)
JAVA (7)
JBOSS (32)
jenkins (1)
Kubernetes (7)
Ldap (5)
Linux (188)
Linux Commands (166)
Load balancer (5)
mariadb (14)
Mongodb (4)
MQ Server (24)
MYSQL (84)
Nagios (5)
NaturalOil (13)
Nginx (35)
Ngix (1)
openldap (1)
Openstack (6)
Oracle (35)
Perl (3)
Postfix (19)
Postgresql (1)
PowerShell (2)
Python (3)
qmail (36)
Redis (12)
RHCE (28)
SCALEIO (1)
Security on Centos (29)
SFTP (1)
Shell (64)
Solaris (58)
Sql Server 2012 (4)
squid (3)
SSH (10)
SSL (14)
Storage (1)
swap (3)
TIPS on Linux (28)
tomcat (62)
Ubuntu (1)
Uncategorized (30)
Veritas (2)
vfabric (1)
VMware (28)
Weblogic (38)
Websphere (71)
Windows (19)
Windows Software (2)
wordpress (1)
ZIMBRA (17)

WP Cumulus Flash tag cloud by Roy Tanck requires Flash Player 9 or better.

Who's Online

0 visitors online now
0 guests, 0 bots, 0 members

Hit Counter provided by dental implants orange county

More on IHS and SSL – SSL0208E: SSL Handshake Failed, Certificate validation error


if you see: –
Error 101 (net::ERR_CONNECTION_RESET): The connection was reset.
in Chrome, and: –
[Wed Apr 17 05:06:32 2013] [error] [client 192.168.8.1] [7f0eb40028d0] [5144] SSL0208E: SSL Handshake Failed, Certificate validation error. [192.168.8.1:52195 -> 192.168.8.162:8443] [05:06:32.584379]
[Wed Apr 17 05:06:32 2013] [error] [client 192.168.8.1] [7f0eb400b3d0] [5144] SSL0208E: SSL Handshake Failed, Certificate validation error. [192.168.8.1:52196 -> 192.168.8.162:8443] [05:06:32.585419]
[Wed Apr 17 05:06:32 2013] [error] [client 192.168.8.1] [7f0eb800edd0] [5144] SSL0208E: SSL Handshake Failed, Certificate validation error. [192.168.8.1:52197 -> 192.168.8.162:8443] [05:06:32.586475]
[Wed Apr 17 05:06:32 2013] [error] [client 192.168.8.1] [7f0eac0115c0] [5144] SSL0208E: SSL Handshake Failed, Certificate validation error. [192.168.8.1:52198 -> 192.168.8.162:8443] [05:06:32.587517]
[Wed Apr 17 05:06:32 2013] [error] [client 192.168.8.1] [7f0eb000e7b0] [5144] SSL0208E: SSL Handshake Failed, Certificate validation error. [192.168.8.1:52199 -> 192.168.8.162:8443] [05:06:32.588528]

in the IHS error logs, chances are that you only have one certificate in the IHS SSL keystore or, to be more accurate, the root CA certificate is missing.
This can be validated as follows: –
/opt/IBM/HTTPServer/bin/gskcapicmd -cert -list -db client.kdb 

Certificates found
* default, – personal, ! trusted
*- clientcert

In other words, this shows that we only have the client certificate ( sometimes known as the intermediate or “device” certificate ) but not the CA certificate.
This is easily fixed: –
/opt/IBM/HTTPServer/java/jre/bin/ikeycmd -cert -add -db client.kdb -label myca -file test.cer
( this assumes that you’ve been following the previous post and have extracted the root CA certificate from the CA keystore into the file test.cer )
/opt/IBM/HTTPServer/bin/gskcapicmd -cert -list -db client.kdb 

Certificates found
* default, – personal, ! trusted
! myca
*- clientcert

Once IHS is restarted, all is well 🙂

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

  

  

  

Blue Captcha Image
Refresh

*

Protected by WP Anti Spam