Bad certificate SSL Connection tracking client certificate

Hi All

Is there a way to save and log the certificate received by the HTTPS port during an SSL hand shake ?

We are facing a problem with one of our partners where once we restart the WM server , the partner keeps getting a “Bad Certificate” error while trying to connect through SSL (AS2 to be specific ) . The error auto-corrects itself after 4 to 5 hours . The problem is specific to one particular TN partner . Other TN parners are okay .

We suspect that this is a problem because of partner s/w caching or their settings goes hayward when a connection fails etc . So we need to track exactly which certificates are submitted by partner while trying the SSL connection .

There is no server log existing for these failed connections. … very weird probelm .
appreciating any help towards a solution
Thanks in advance

Jose

Thumb rule

“always restart your server and the partners server when you have certificate conflicts.”

Certificates are cached for hours

Thahir

Jose

Sorry I missed to mention that when we had certificate problem like this before we used ssl tap from netscape

http://enterprise.netscape.com/docs/cms/60/cert/tools_guide/ssltap.htm

This tool could give you a complete log of what certificates are passed during the handshake

HTH

Thahir

Hi Thahir
Thank you very much for the information . Expacially the tool looks extremly help ful .

Infact our probelm is not exactly a certificate conflict out of the blue . It is specific to this particualr partner , only after our server is restarted for some other reason . More over partner does not use WM , they use a IIS based B2B server . I feel that rather than the certificate being cached, it is the errored connection that is being cached some where . Because even if the certificates are cached , they are correct certs , so the error shudn’t happen .

Anyway thanks a lot and let me now if you have any ideas …
Thanks and regards

Matthew

This might help

http://www.wmusers.com/wmusers/messages/117/30743.shtml

to find the complete list of certificates passed

Thahir