SSL Handshake Failed, Certificate validation error

If you encounter this issue, here’s how it presents, and how I fixed it:

You have successfully created a certificate and added it to your keyfile using ikeyman; however, there is a warning when it adds it. The warning is probably related to the root and/or intermediate certificate. If so, go to Let's Encrypt and download the root certificate and add it to the domain-crt before adding it to your key, and that may resolve the issue.

The next challenge is an SSL Handshake Failed, Certificate validation error from the client browser IP to the host site IP. This can be resolved by doing the following:

  1. Open the IBM iKey Manager: "Start > IBM HTTP Server > Key Management Utility".
  2. Open the Key Database.
  3. In the cert list, select Signer Certificates.
  4. Click the Populate button. In the select list for VeriSign, choose the cert “VeriSign Class 3 Public Primary Certificate Authority”.
  5. Exit the Key Management Utility.
  6. Restart the IBM HTTP Server.

If you also get the following error: No ciphers specified (no shared ciphers or no shared protocols), that can be resolved by modifying your httpd.conf file to comment out those references, as follows:

<VirtualHost *:443>
SSLEnable
SSLProtocolDisable SSLv2
SSLProtocolDisable SSLv3
# SSLCipherSpec ALL NONE
# SSLCipherSpec ALL +TLS_RSA_WITH_AES_256_CBC_SHA256
# Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</VirtualHost>

I hope this helps someone!

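To see what the commented-out lines would leave enabled before restoring them, the VirtualHost can be audited offline. This Python sketch is an added example, not part of the original post or any IBM tooling; `audit_vhosts` and `SAMPLE_CONF` are hypothetical names, the input is constructed from the config above, and only the `SSLCipherSpec` forms shown on the page are modelled.

```python
import re

# Constructed input: the page's VirtualHost with its commented-out lines restored.
SAMPLE_CONF = """\
<VirtualHost *:443>
SSLEnable
SSLProtocolDisable SSLv2
SSLProtocolDisable SSLv3
SSLCipherSpec ALL NONE
SSLCipherSpec ALL +TLS_RSA_WITH_AES_256_CBC_SHA256
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</VirtualHost>
"""

def audit_vhosts(conf_text):
    """Per VirtualHost: explicit cipher set (None = server defaults), disabled
    protocols, HSTS flag, warnings. Assumption: only the SSLCipherSpec forms on
    the page (<protocol> NONE, +NAME, -NAME) are modelled."""
    report, cur = {}, None
    for raw in conf_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue  # blank or commented-out: no effect on the server
        opened = re.match(r"<VirtualHost\s+([^>]+)>", raw.strip(), re.I)
        if opened:
            cur = report.setdefault(opened.group(1).strip(), {
                "ciphers": None, "disabled": set(), "hsts": False, "warnings": []})
        elif cur is None:
            continue  # directive outside any VirtualHost: not audited here
        elif words[0].lower().startswith("</virtualhost"):
            if cur["ciphers"] is not None and len(cur["ciphers"]) < 2:
                cur["warnings"].append(f"only {len(cur['ciphers'])} cipher(s) enabled; "
                                       "clients offering none of them cannot connect")
            if not cur["hsts"]:
                cur["warnings"].append("no Strict-Transport-Security header set")
            cur = None
        elif words[0].lower() == "sslprotocoldisable":
            cur["disabled"].update(words[1:])
        elif words[0].lower() == "sslcipherspec":
            for tok in words[2:]:
                if tok.upper() == "NONE":
                    cur["ciphers"] = set()  # list reset: nothing enabled yet
                elif cur["ciphers"] is not None:
                    edit = cur["ciphers"].discard if tok[0] == "-" else cur["ciphers"].add
                    edit(tok.lstrip("+-"))
        elif words[0].lower() == "header" and "strict-transport-security" in raw.lower():
            cur["hsts"] = True
    return report
```

Run against the config as the post leaves it (those three lines commented out), the cipher set comes back as `None`, meaning server defaults, and the only warning is the missing HSTS header.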