Troubleshooting
Problem
HTTP Client Service may fail during SSL Handshake if it tries to connect to a HTTPS server configured with MD5RSA or SHA1RSA certificate (for Server Authentication) signed by another certificate.
Symptom
A HTTP server is configured with MD5RSA or SHA1RSA certificate signed by another certificate. HTTP client service tries to connect to that server with the id of the signer certificate in CA store as the value of the parameter CACertificateId in HTTPClientBeginSession. HTTPClientPost service may fail with the following error message:
HTTP Status Code: -1
HTTP Reason Phrase: Internal Error: Connection was closed from the perimeter side with error: CloseCode.HANDSHAKE_FAILURE
The Authentication.log file will have the following similar error.
[2016-04-13 10:48:11.521] ALL SecurityManager SSL Client Authentication: FAILED Protocol: [Not Available] Remote IP: [Not Available]
AdapterName: [Not Available] AdapterType: [Not Available] SessionId: [Not Available]
Client Certificate Chain
Certificate: 1 X509 Certificate SerialNumber: 327
Issuer: EMAILADDRESS=P2_ROOT@P2_ROOT.COM, CN=P2_ROOT, OU=P2_ROOT, O=P2_ROOT, C=IN
Subject: CN=1024_sha1, OU=1024_sha1, O=1024_sha1
Valid from: Thu Mar 03 06:59:00 EST 2016 to: Sun Mar 03 06:59:00 EST 2115
Signature Algorithm: SHA1withRSA
Thumbprint Algorithm: sha1
Thumbprint: 4536 43FA 24EF 3E6C 4439 B7A7 EBAD DE84 97B4 43C0
Log InLog in to view more of this document
Was this topic helpful?
Document Information
Modified date:
04 February 2020
UID
swg21981226