: SSL Handshake Failed, Certificate validation error

If you encounter this issue, here’s how it presents, and how I fixed it:

You have successfully created a certificate, and added it to your keyyfile using ikeyman, however, there is a warning when it adds it. The warning is probably related to the root and/or intermediate certificate. If so, go to letsencrypt and download the root certificate and add it to the domain-crt before adding it to your key, and that may resolve the issue.

The next challenge is a SSL Handshake Failed, Certificate validation error from the client browser IP to the host site IP. This can be resolved by doing the following:

  1. Open the IBM iKey Manager "Start> IBM HTTP Server> Key Management Utility ".
  2. Open the Key Database.
  3. In cert list, select Signer Certificates.
  4. Populate button. In the select list of VeriSign. Choose to cert “VeriSign Class 3 Public Primary Certificate Authority”.
  5. Exit the Key Management Utility.
  6. Restart the IBM HTTP Server.

If you also get the following error: No ciphers specified (no shared ciphers or no shared protocols), that can be resolved by modifying your httpd.conf file to comment out those references, as follows:

<VirtualHost *:443>
SSLProtocolDisable SSLv2
SSLProtocolDisable SSLv3
# SSLCipherSpec ALL NONE
# Header always set Strict-Transport-Security “max-age=31536000; includeSubDomains; preload”

I hope this helps someone!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.