Bootstrap FreeKB - IBM IHS Web Server - Resolve "SSL Handshake Failed Either the certificate has expired or the system clock is incorrect"
IBM IHS Web Server - Resolve "SSL Handshake Failed Either the certificate has expired or the system clock is incorrect"

Updated:   |  IBM IHS Web Server articles

Let's say the following error appears in your IBM IHS web servers error log.

[Thu Feb 25 03:01:13.289527 2021] [ibm_ssl:error] [pid 17385:tid 139648960628480] [client 10.17.114.22:56618] [7f0280002920] [17385] SSL0208E: SSL Handshake Failed, Either the certificate has expired or the system clock is incorrect.[10.17.114.22:56618 -> 10.17.122.5:443]

 

Almost always, the former will be the issue, a certificate being used for SSL has expired.

For the sake of this article, let's say you have a Key Database file named example.kdb. The GSKit command or iKeyman GUI can be used to list the certificates in the Key Database file (example.kdb). Let's say you are using the GSKit command, and the Key Database contains a certificate, such as *.example.com.

${ihs_install_root}/gsk8/bin/gsk8capicmd_64 -cert -list -db /path/to/example.kdb -stashed

Certificates found
* default, - personal, ! trusted, # secret key
*-      *.example.com

 

You will want to display the details of the certificate to determine if the certificate has expired.

~]# ${install_root}/gsk8/bin/gsk8capicmd_64 -cert -details -db /path/to/example.kdb -pw your_password -label *.example.com

Label : example
Key Size : 2048
Version : X509 V3
Serial : abc123
Issuer : "CN=Some CA,O=CA Inc,C=US"
Subject : "CN=*.example.com,O=Your Organization,L=Guam,ST=Wisconsin,C=US"
Not Before : January 19, 2021 6:00:00 PM CST
Not After : February 20, 2022 5:59:59 PM CST

 




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee



Comments


Add a Comment


Please enter 570f7c in the box below so that we can be sure you are a human.