IBM IHS Web Server - Resolve "SSL Handshake Failed Either the certificate has expired or the system clock is incorrect"
by
Jeremy Canfield |
Updated: February 22 2022
| IBM IHS Web Server articles
Let's say the following error appears in your IBM IHS web servers error log.
[Thu Feb 25 03:01:13.289527 2021] [ibm_ssl:error] [pid 17385:tid 139648960628480] [client 10.17.114.22:56618] [7f0280002920] [17385] SSL0208E: SSL Handshake Failed, Either the certificate has expired or the system clock is incorrect.[10.17.114.22:56618 -> 10.17.122.5:443]
Almost always, the former will be the issue, a certificate being used for SSL has expired.
For the sake of this article, let's say you have a Key Database file named example.kdb. The GSKit command or iKeyman GUI can be used to list the certificates in the Key Database file (example.kdb). Let's say you are using the GSKit command, and the Key Database contains a certificate, such as *.example.com.
${ihs_install_root}/gsk8/bin/gsk8capicmd_64 -cert -list -db /path/to/example.kdb -stashed
Certificates found
* default, - personal, ! trusted, # secret key
*- *.example.com
You will want to display the details of the certificate to determine if the certificate has expired.
~]# ${install_root}/gsk8/bin/gsk8capicmd_64 -cert -details -db /path/to/example.kdb -pw your_password -label *.example.com
Label : example
Key Size : 2048
Version : X509 V3
Serial : abc123
Issuer : "CN=Some CA,O=CA Inc,C=US"
Subject : "CN=*.example.com,O=Your Organization,L=Guam,ST=Wisconsin,C=US"
Not Before : January 19, 2021 6:00:00 PM CST
Not After : February 20, 2022 5:59:59 PM CST
Did you find this article helpful?
If so, consider buying me a coffee over at