Troubleshooting
Problem
After updating the SSL Certificate in the IHS keystore, SSL0227E errors are recorded in the logs.
Symptom
Error message:
SSL0227E: SSL Handshake Failed, Specified label could not be found in the key file (/path/to/ihs/keystore/keystore.kdb), or the specified label is not a 'personal certificate' (no private key). Label='expected.certificate.alias'
Cause
The new certificate has been imported with a different certificate label than the previous certificate, and IHS was using the SSLServerCert directive, which means it was expecting a specific label.
Environment
Cognos Analytics (any version)
IBM HTTP Server 8.5.5+
Diagnosing The Problem
For this example, the server is expecting a certificate called "ihs-certificate".
1) Check the SSLServerCert directive in the SSL Configuration, to find out what it is expecting:
2) List the contents of the existing keystore using gskcapicmd:
./gskcapicmd -cert -list -stashed -db /path/to/ihs/keystore/keystore.kdb
We can see here that the alias for the certificate in the file is "ihs-certificate2", and not the expected "ihs-certificate"
Resolving The Problem
1) Rename the certificate using gskcapicmd (and verify it is now correct):
./gskcapicmd -cert -rename -stashed -db /path/to/ihs/keystore/keystore.kdb -label "IncorrectLabel" -new_label "CorrectLabel"
2) Restart IBM HTTP Server
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSTSF6","label":"IBM Cognos Analytics"},"ARM Category":[{"code":"a8m50000000Cl6dAAC","label":"Install-\u003EGateway\/Web Server"}],"ARM Case Number":"TS015914251","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
04 April 2024
UID
ibm17147518