I'm trying to get SSL working on IBM HTTP Server v 184.108.40.206
I created a new KDB and stashed the PW. The company I'm dealing with has their own Certificate Authority, so I created the personal certificate request using ikeyman, sent them the request, and they sent back the new root certificate.
I created the signer certificate using the certificate that was sent to me by the Certificate Authority, setup the httpd.conf file how I've done in previous SSL configurations, and recycled the HTTP Server.
I cannot access any secure urls. I tried to hit the HTTP server over port 443 directly and I get Page cannot be displayed.
When I looked in the error_log I saw this:
Thu Nov 01 10:31:19 2012 crit http://client 10.3.48.216 81a3ce8 22667 SSL0227E: SSL Handshake Failed, Specified label could not be found in the key file.
I checked and made sure the label was in proper format / not using any reserved characters and it's fine.
Thanks in advance.
Notice: We have upgraded developerWorks Community to the latest version of IBM Connections. For more information, read our upgrade FAQ.
Pinned topic SSL0227E: SSL Handshake Failed, Specified label could not be found ...
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Updated on 2012-11-12T03:49:59Z at 2012-11-12T03:49:59Z by SystemAdmin
Re: SSL0227E: SSL Handshake Failed, Specified label could not be found ...2012-11-01T16:08:03ZThis is the accepted answer. This is the accepted answer.I once saw a cert label with trailing spaces -- hard to spot it w/o gsk7capicmd -cert -list sent to a file and looking carefully.
Re: SSL0227E: SSL Handshake Failed, Specified label could not be found ...2012-11-01T18:20:14ZThis is the accepted answer. This is the accepted answer.
- SystemAdmin 110000D4XK
Re: SSL0227E: SSL Handshake Failed, Specified label could not be found ...2012-11-01T19:16:33ZThis is the accepted answer. This is the accepted answer.
- SystemAdmin 110000D4XK
Sunit 100000DWFV194 Posts
Re: SSL0227E: SSL Handshake Failed, Specified label could not be found ...2012-11-05T14:17:49ZThis is the accepted answer. This is the accepted answer.If your company uses its own CA then this the way you should create the certificate:
After you create the kdb and stash the password:
1. Go to the Personal Certificates and create a certificate request.
2. Export the request and send it to the CA (in your case your company CA).
3. CA will sign and return you the certificate.
4. Display the returned certificate using windows and check the signing chain.
5. Export each certificate in the signing chain except your own to a file
6. Add each of the certificate from the chain starting with Root in trusted certificates in your kdb
7. Go to the personal certificates tab in your kdb and use the 'Receive" button to receive the signed certificate.
8. In your httpd.conf file point to the signed personal certificate.
9. Restart IHS
Re: SSL0227E: SSL Handshake Failed, Specified label could not be found ...2012-11-12T03:49:59ZThis is the accepted answer. This is the accepted answer.Just try these 2 things.
1) Comment SSLServerCert in httpd.conf
2) Make sure you have only one personal certificate in KDB, set that certificate as default (this is very important as when you comment SSLServerCert in httpd.conf it will look for the default certificate, it will usually show an asterisk in front of personal certificate name when you open the kdb).
Hope that quickly solves your problem.