Bootstrap FreeKB - IBM IHS Web Server - Resolve "Certificate validation error during handshake last PKIX/RFC3280 certificate validation error was GSKVAL_ERROR_NO_CHAIN_BUILT"
IBM IHS Web Server - Resolve "Certificate validation error during handshake last PKIX/RFC3280 certificate validation error was GSKVAL_ERROR_NO_CHAIN_BUILT"

Updated:   |  IBM IHS Web Server articles

This error appears in the web servers error log.

Certificate validation error during handshake, last PKIX/RFC3280 certificate validation error was GSKVAL_ERROR_NO_CHAIN_BUILT. [10.0.0.1:443-> 10.0.0.2:49654]

 

Notice in this example that the request is coming from the system with IP address 10.0.0.1 on port 443 to the system with IP address 10.0.0.2. The system with IP address 10.0.0.1 should be your IBM IHS web server. The IP command can be used to display the IP address of your IBM IHS web server. In this example, the IP address of the IBM IHS web server is 10.0.0.1.

~]# ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:64:f5:94 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.0 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever

 

This error suggests that when connecting to the system with IP address 10.0.0.2 over a secured channel, such as HTTPS on port 443, your IBM IHS web server needs to present a certificate that can be used to connect to the system with IP address 10.0.0.2.

Let's say your IBM IHS web server has a Key Database file named example.kdb, and the Key Database contains a certificate, such as *.example.com. The error being returned suggests that the *.example.com certificate cannot be used to establish a secured connection to the system with IP address 10.0.0.2.

${ihs_install_root}/gsk8/bin/gsk8capicmd_64 -cert -list -db /path/to/example.kdb -stashed

Certificates found
* default, - personal, ! trusted, # secret key
*-      *.example.com

 

One solution to this issue is to get a certificate that can be used to connect to the system with IP address 10.0.0.2 and then import the certificate into the Key Database file on your IBM IHS web server.




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee



Comments


Add a Comment


Please enter 5194c6 in the box below so that we can be sure you are a human.