-1

I have an IBM HTTP Server and Server [X] , I need to create secure connection [SSL] :

by creating KDB file : ibmhttpserverkey.kdb in IBM HTTP Server using iKeyman utility and importing Server[X]'s certificates [cert.PEM] or [cert.der] in ibmhttpserverkey.kdb

it's do-able or not? I have tried a lot and every time it returns "Error Handshake, no certificate found" even if i installed it using certification manager!

Abu taha
  • 61
  • 1
  • 12

1 Answers1

1

You should be able to import certificates from other key file types such as a p12 database or another kdb. After doing the import check the personal certificates using IKEYMAN to see if the certificate is there. If you then see the "Error Handshake, no certificate found" in the IHS error log it may be you have not specified the certificate to be the default. Also check the VirtualHost entry for port 443 (or whatever ssl port is used) and see if an SSLServerCert directive is defined. This directive can be used to point at a label that identifies the needed certificate. The no certificate found message means that IHS opened the kdb defined by the keyfile directive and could not find either a default certificate or one that is specified using the SSLServerCert directive.

Guide to setting up SSL within IHS: http://www-01.ibm.com/support/docview.wss?uid=swg21179559

Marv Knight
  • 416
  • 2
  • 4
  • The Client has got a `Cisco IVR`, `Cisco IVR` Well call `HTTPS` Services configured in `IHS` , I tried all things you have mentioned , but the missing step was to upload the certificates `[PEM,DER]` as `tomcat-trust` certificate into Cisco IVR and Restarting it, thank you. – Abu taha Nov 02 '14 at 10:04
  • The link is not valid anymore. I have exactly the same symptom. I have set the default certificate " or one that is specified using the SSLServerCert directive." What do you mean by this ? – Jess Oct 22 '17 at 03:18
  • The above link still works for me. SSLServerCert is a directive for the IBM HTTP Server (IHS) and you specify the label name associated with the certificate (not the common name). This is for the personal certificate. You can mark a personal certificate to be the default and if this is the desired certificate then the directive is not needed. You typically use the SSLServerCert when multiple personal certificates are in the kdb. When you double click on a personal certificate in IKEYMAN there is a check box to set it as the default. – Marv Knight Oct 23 '17 at 12:47
  • Note: If http://www-01.ibm.com/support/docview.wss?uid=swg21179559 does not work then try http://www.ibm.com/support/docview.wss?uid=swg21179559 The www usually gets changed to the www-01, but if that server is down then www may get changed to a different server name. – Marv Knight Oct 23 '17 at 12:54