WebSphere HTTP Server - mod_ibm_ssl.so - IHS always sending default Certificate to Browser

This is Interesting: Free IT Magazines  
Home > Archive > WebSphere HTTP Server > September 2005 > mod_ibm_ssl.so - IHS always sending default Certificate to Browser





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author mod_ibm_ssl.so - IHS always sending default Certificate to Browser

2005-09-28, 6:05 pm


Here is my config

Multiple Virtual Hosts with SSLEnabled
One KeyFile - multicerts.kdb
One StashFile - multicertStash.sth

All Virtual Hosts reference the KeyFile and StashFile

When SSL is tested IHS always serves the default Cert in the KeyFile.

Is there a way to specify in the conf file what cert to use???

Thanks
Sunit Patke

2005-09-28, 6:05 pm

To use a specific SSL certificate use SSLServerCert directive in httpd.conf
file
You can point each of the VirtualHost to a different certificate by using
this directive. If this directive is not present the whichever certificate
is marked as default in your kdb will be used.

Sunit

<mevans@johnson.ca> wrote in message
news:1721979151.1127921237113.JavaMail.wassrvr@ltsgwas007.sby.ibm.com...
>
> Here is my config
>
> Multiple Virtual Hosts with SSLEnabled
> One KeyFile - multicerts.kdb
> One StashFile - multicertStash.sth
>
> All Virtual Hosts reference the KeyFile and StashFile
>
> When SSL is tested IHS always serves the default Cert in the KeyFile.
>
> Is there a way to specify in the conf file what cert to use???
>
> Thanks


2005-09-28, 6:05 pm

Thanks - I've added that directive to each virtual host...However I now get the following error in the IHS error.log

[Wed Sep 28 14:02:58 2005] [crit] SSL0227E: SSL Handshake Failed, Specified label could not be found in the key file.

For the SSLServerCert directive I specified the cert name as is appears in the iKeyMan inside quotes - "CertName"

Any insight???
Sunit Patke

2005-09-28, 6:05 pm

Looks like you are not using the correct label in SSLServerCert directive.
When you created certificates in ikeyman you must have labeled them. Use
this label name in SSLServerCert directive.

Sunit

<mevans@johnson.ca> wrote in message
news:1122439442.1127925606491.JavaMail.wassrvr@ltsgwas007.sby.ibm.com...
> Thanks - I've added that directive to each virtual host...However I now
> get the following error in the IHS error.log
>
> [Wed Sep 28 14:02:58 2005] [crit] SSL0227E: SSL Handshake Failed,
> Specified label could not be found in the key file.
>
> For the SSLServerCert directive I specified the cert name as is appears in
> the iKeyMan inside quotes - "CertName"
>
> Any insight???


2005-09-30, 5:59 pm

I've verified the Cert Label and all matches. Is it possible that the quotes (") around the Cert Name would cause the error?

Mark
Sunit Patke

2005-09-30, 5:59 pm

Cert label should not have quotes (")

Sunit

<mevans@johnson.ca> wrote in message
news:802443607.1128102035774.JavaMail.wassrvr@ltsgwas007.sby.ibm.com...
> I've verified the Cert Label and all matches. Is it possible that the
> quotes (") around the Cert Name would cause the error?
>
> Mark


Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com