[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSL Handshake Error



   Hello Everyone, We finally figured out what the problem was. Two of the
   clients certificates were faulty. We disabled them and now the
   application is working.


   Thank you all for your assistance!

   Art Duarte
   From: [1]Mike Krebs
   Sent: �ursday��bruary�5��15 ��03�PM
   To: [2]Scott Klement
   You can create a new store and use that with changes to your
   applications. That just makes it even more complicated though and is
   beyond my knowledge base.
   We just went through some certificate issues at my workplace and it was
   not easy to figure out but once figured out, it all ties together. We
   didn't use it this time but if I recall correctly there is a unix like
   tool that we used years ago that will help you work through the
   certificate issues. Anyone recall what it is?
   -----Original Message-----
   From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
   [[3]mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Arturo
   Sent: Thursday, February 5, 2015 7:37 AM
   To: Scott Klement
   Subject: Re: SSL Handshake Error
   Can another certificate store be created and used instead of *SYSTEM?
   If so, how do I go about doing so?
   Art
   From: Mike Krebs
   Sent: �dnesday��bruary�4��15 ��39�PM
   To: Scott Klement
   In the DCM, under manage certificates, take the option to check
   expiration on each category. Today, you will only be concerned if the
   certificate is expired today. If it expires in the near future, you
   might want to add to the list of things to check but only look for
   things already expired.
   Fix those that are expired, try that application again. If you don't
   have any expired certificates, I think you should give 800-ibm-serv a
   call.
   -----Original Message-----
   From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
   [[4]mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Arturo
   Sent: Wednesday, February 4, 2015 11:45 AM
   To: Scott Klement
   Subject: Re: SSL Handshake Error
   I checked DCM, work with Server and Client Certificates for *SYSTEM
   certificate store, and no certificates found in the store.
   There is a CA certificate that expires 5/14/15
   I found this:
   View Certificate Request

   Certificate type: Server or client
   Certificate store: *SYSTEM
   Certificate label: System Certificate�  Certificate request information:
   Common nameKCX
   Organization unit
   Organization nameKCX
   Locality or city
   State or provinceTexas
   Zip or postal code
   Country or regionUS
   Additional information:
   Private keyYes
   Signed certificate requestYes
   Private key information:
   Key length1024
   Storage locationStored in software
   Does that mean anything?
   Thank you for help!
   Art
   From: Mike Krebs
   Sent: �dnesday��bruary�4��15 ��31�AM
   To: Scott Klement
   Did you check the actual certificate? The store might be there with an
   expired certificate in it.
   -----Original Message-----
   From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
   [[5]mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Arturo
   Sent: Wednesday, February 4, 2015 10:50 AM
   To: Scott Klement
   Subject: Re: SSL Handshake Error
   At a loss what this could be. I checked the *SYSTEM certificate store
   is in place. Haven�tried recompiling the program but not sure what
   good that will do.
   This same process is working on another client�system. Any ideas?
   From: Junior Duarte
   Sent: �esday��bruary�3��15 �:��AM
   To: Scott Klement
   Greetings team,
   Need help with this error message program is getting:
   HTTPAPI Ver 1.24 released 2012-01-23
   OS/400 Ver V6R1M0
   New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819. ProtLoc=0
   https_init(): entered
   -----------------------------------------------------------------------
   --------------
   Dump of local-side certificate information:
   -----------------------------------------------------------------------
   --------------
   http_persist_open(): entered
   http_long_ParseURL(): entered
   DNS resolver retrans: 2
   DNS resolver retry  : 2
   (GSKit) Certificate was rejected by the application supplied exit
   program or certificate being validated by SSL processing was revoked.
   ssl_error(8): (GSKit) Certificate was rejected by the application
   supplied exit program or certificate being validated by SSL processing
   was revoked.
   SetError() #30: SSL Handshake: (GSKit) Certificate was rejected by the
   application supplied exit
   -----------------------------------------------------------------------
   --------------
   Dump of server-side certificate information:
   -----------------------------------------------------------------------
   --------------
   Cert Validation Code = 0
   Error in http_url_get call
   Last week these were working just fine and now this week getting this
   error message.
   Thank you
   Art
   -----------------------------------------------------------------------
   This is the FTPAPI mailing list.  To unsubscribe, please go to:
   [6]http://www.scottklement.com/mailman/listinfo/ftpapi
   -----------------------------------------------------------------------
   -----------------------------------------------------------------------
   This is the FTPAPI mailing list.  To unsubscribe, please go to:
   [7]http://www.scottklement.com/mailman/listinfo/ftpapi
   -----------------------------------------------------------------------
   -----------------------------------------------------------------------
   This is the FTPAPI mailing list.  To unsubscribe, please go to:
   [8]http://www.scottklement.com/mailman/listinfo/ftpapi
   -----------------------------------------------------------------------

References

   1. mailto:mkrebs@xxxxxxxxxxxxxxxxxx
   2. mailto:ftpapi@xxxxxxxxxxxxxxxxxxxxxx
   3. mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
   4. mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
   5. mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
   6. http://www.scottklement.com/mailman/listinfo/ftpapi
   7. http://www.scottklement.com/mailman/listinfo/ftpapi
   8. http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------