Hand shake Failure

Ramakrishna_Buddha · November 12, 2008, 1:25pm

Hi All,

We have requirement of implementing certificates while interacting with partners.My enterprise has two different clients A and B.

A has provided its certificates(in PKCS12 format, i extracted CA, private and server signed using OpenSSL) for doing a webservice call. I have used the set.keyChain service to implement the certificates and could able to do the webservice call successfully.

B is requesting a serial number of my enterprise certificate.So i have provided the serial number of A’s server signed certificate to B, and they have configured at their end.Now i am using the setKeyChain and using the same certificates provided by A and tried to do a HTTP Post but getting a SSL Hand Shake failure.

Can some one help me how to proceed further.

Tong_Wang · November 12, 2008, 10:16pm

May be I misunderstood, why are you providing partner A’s cert info to partner B?
you should provide your cert info instead.

Ramakrishna_Buddha · November 13, 2008, 12:12pm

From your question, i think i have wrongly understood the certificate implementation.
As it was working for my partner A, i thaught that i can provide the same server signed

certificate (of partner A)to partner B for configuring at their end.
I thaught, once they configure i can use the SetKeyChain to set the certificates and do a HTTP post to partner B.

Can you please correct my understanding.

Now i have received the below certs from my security team.
1)CA cert (der format)
2) private RSA key (no extension)
3) original pkcs-7 file (in txt format)

Can you tell me how to use the above information to make my IS ssl enabled
and what to be passed to the client for configuring at his end.

My partner is just asking for my server signed certificate serial number.

pleae help me.

Thanks.

Tong_Wang · November 14, 2008, 2:34am

Start with IS admin guide, chapter 11, 7.
For serial number, just double-click on your der or cer file, you should be able to view it.
for openning pkcs7 file:
[url]Microsoft Learn: Build skills that open doors in your career

HTH,
Tong

Ramakrishna_Buddha · November 15, 2008, 12:36pm

Hi,
Thanks for the response.
yah i got the serial number and the the certificate from PKCS7 file. The one i have extracted is the same CA certificate that i got earlier.

My partner is asking for a serial number of my certificate.
I have got CA from my security team and a key in RSA format (which dosent have any extension). I have given the serial number of the CA cert to my partner.

Now can u tell me how can i use these certificate and the RSA key to communicate with my partner.

Please help me.

Thanks.

Guest · December 1, 2008, 12:05pm

Hi All,

The issue has resolved…my partner has not updated his cert store with root CA cert and intermediate cert. I have provided the certificates to him and asked him to update teh cert store after which the SSL hand shake is successfull.

Thanks you all for the help.