HTTPS prob; Invalid SSL credentials


I am trying to connect from our IS to our customer’s IS using HTTPS but I can’t get it to work. The error message I get is “[ISC.0064.9314] Authorization Required: [ISS.0084.9002] Invalid SSL credentials”.

The first thing I tried was to connect through a browser, and that works fine: it asks for a client cert, but when I don’t provide one it asks for username and pw instead, and that works.

Next I wrote a test service using the pub.client:http to try and debug and try some different headers, but I always get the same error as I mentioned above. In my test service I provide the correct auth/user and auth/pass, and “basic” as the auth/type.

I have also made sure that all the customer’s server certs are installed on our IS, and I have reset the CA cache and even restarted the IS.

Currently I am trying out some different HTTP analyzer apps in order to determine what is actually sent and received in the HTTP headers, but perhaps someone has some other idea on how to approach the problem?

Both we and the customer are using 6.5 (SP2, I think).

nm, the problem was on the customer side.

Not sure if this helps, as I don’t know how particular IS is with certs, but what browser did you test with?

If it was Internet Explorer, try Firefox to test with instead. I suggest this as I.E. just doesn’t seem all that good at blocking certificates that aren’t correct for a particular use, and so still lets you connect, even if the certs aren’t quite right. Whereas Firefox will not work, telling you there is a problem with the certificates.

We had some issues getting FTP/s to work with some clients; it turned out the certs needed to be web SSL certificates (i.e. signed by a certificate authority, although we sign them ourselves) rather than just a standard SSL certificate.



Thanks for your reply, but we already got it to work.

I’m not sure what the problem was, but it was on the customer side. A theory I have is that they had “request client certs”, but that our cert was not installed/mapped to our user. That way when we tried to connect and they requested our cert, we sent our server cert which was not mapped to any user, hence the problems.