{"id":5385,"date":"2015-10-27T10:20:51","date_gmt":"2015-10-27T02:20:51","guid":{"rendered":"http:\/\/rmohan.com\/?p=5385"},"modified":"2015-10-27T21:16:53","modified_gmt":"2015-10-27T13:16:53","slug":"ssl0208e-ikeyman-verisign-error","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=5385","title":{"rendered":"SSL0208E IKEYMAN VeriSign error"},"content":{"rendered":"<p>SSL0208E IKEYMAN VeriSign error\u00a0<script src=\"\/\/c.amazon-adsystem.com\/aax2\/amzn_ads.js\" type=\"text\/javascript\"><\/script><script type=\"text\/javascript\">\/\/ <![CDATA[\ntry { amznads.getAds(\"3033\"); } catch(e) { \/* ignore *\/ }\n\/\/ ]]><\/script><script src=\"https:\/\/aax.amazon-adsystem.com\/e\/dtb\/bid?src=3033&amp;u=https%3A%2F%2Fvyeung.wordpress.com%2F2010%2F07%2F08%2Fssl-handshake-failed-certificate-validation-error-ssl0208e%2F&amp;cb=337955\" type=\"text\/javascript\"><\/script><script type=\"text\/javascript\">\/\/ <![CDATA[\nvar a9_p = amznads.getKeys(),\n\t\t_ipw_custom = {\n\t\t\twordAds: '0',\n\t\t\tadSafe: '0',\n\t\t\tdomain: 'vyeung.wordpress.com',\n\t\t\tpageURL: 'https:\/\/vyeung.wordpress.com\/2010\/07\/08\/ssl-handshake-failed-certificate-validation-error-ssl0208e\/'\n\t\t};\n\t\tif(\"undefined\"!=typeof a9_p&#038;&#038;\"\"!=a9_p&#038;&#038;null!==a9_p&#038;&#038;\"[object Array]\"===Object.prototype.toString.call(a9_p)){var a=\"\",b=0,c=a9_p.length;a9_p.sort();for(var d=0;d<c;d++){a9_p[d-b]=a9_p[d-b].replace(\/a1x6p\/,\"a160x600p\");var e=a9_p[d-b].split(\"p\");e[0]==a&#038;&#038;(a9_p.splice(d-b,1),b++);a=e[0]}_ipw_custom.amznPay=a9_p};document.close();\n\/\/ ]]><\/script><!-- IPONWEB header script --><script type=\"text\/javascript\">\/\/ <![CDATA[\nwindow.__ATA = {\n\t\t\t\tscriptSrc: '\/\/s.pubmine.com\/showad.js',\n\t\t\t\tslotPrefix: 'automattic-id-',\n\t\t\t\tinitAd: function(o) {\n\t\t\t\t\tvar o = o || {},\n\t\t\t\t\t\tg = window,\n\t\t\t\t\t\td = g.document,\n\t\t\t\t\t\twr = d.write,\n\t\t\t\t\t\tid = g.__ATA.id();\n\t\t\t\t\twr.call(d, '\n\n\n\n\n<div id=\"' + id + '\" data-section=\"' + (o.sectionId || 0) + '\"' + (o.type ? ('data-type=\"' + o.type + '\"') : '') + ' ' + (o.forcedUrl ? ('data-forcedurl=\"' + o.forcedUrl + '\"') : '') + '>');\n\t\t\t\t\tg.__ATA.displayAd(id);\n\t\t\t\t\twr.call(d, '<\/div>\n\n\n\n\n');\n\t\t\t\t},\n\t\t\t\tdisplayAd: function(id) {\n\t\t\t\t\twindow.__ATA.ids = window.__ATA.ids || {};\n\t\t\t\t\twindow.__ATA.ids[id] = 1;\n\t\t\t\t},\n\t\t\t\tcustomParams: _ipw_custom,\n\t\t\t\tid: function() {\n\t\t\t\t\treturn window.__ATA.slotPrefix + (parseInt(Math.random() * 10000, 10) + 1 + (new Date()).getMilliseconds());\n\t\t\t\t}\n\t\t\t};\n\t\t\t(function(d, ata) {\n\t\t\t\tvar pr = \"https:\" === d.location.protocol ? \"https:\" : \"http:\",\n\t\t\t\t\tsrc = pr + ata.scriptSrc,\n\t\t\t\t\tst = \"text\/javascript\";\n\t\t\t\td.write('<scr' + 'ipt type=\"' + st + '\" src=\"' + src + '\"><\\\/scr' + 'ipt>');\n\t\t\t})(window.document, window.__ATA);\n\/\/ ]]><\/script><script src=\"https:\/\/s.pubmine.com\/showad.js\" type=\"text\/javascript\"><\/script><script type=\"text\/javascript\">\/\/ <![CDATA[\njQuery(window).ready(function () { jQuery(\"a.wpa-about\").text(\"About these ads\"); });\n\/\/ ]]><\/script><script type=\"text\/javascript\">\/\/ <![CDATA[\nwindow.google_analytics_uacct = \"UA-52447-2\";\n\/\/ ]]><\/script><script type=\"text\/javascript\">\/\/ <![CDATA[\nvar _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-52447-2']); _gaq.push(['_setDomainName', 'wordpress.com']); _gaq.push(['_initData']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text\/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https:\/\/ssl' : 'http:\/\/www') + '.google-analytics.com\/ga.js'; (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(ga); })();\n\/\/ ]]><\/script><script src=\"https:\/\/ssl.google-analytics.com\/ga.js\" async=\"\" type=\"text\/javascript\"><\/script><script src=\"\/\/r.skimresources.com\/api\/?callback=skimlinksApplyHandlers&amp;data=%7B%22pubcode%22%3A%22725X1342%22%2C%22domains%22%3A%5B%22freehostingtips.weebly.com%22%2C%22gravatar.com%22%2C%22taste-e-juice.ca%22%2C%22sthsweet.com%22%5D%2C%22page%22%3A%22https%3A%2F%2Fvyeung.wordpress.com%2F2010%2F07%2F08%2Fssl-handshake-failed-certificate-validation-error-ssl0208e%2F%22%7D\" async=\"\" type=\"text\/javascript\"><\/script><script src=\"\/\/r.skimresources.com\/api\/?callback=skimlinksApplyHandlers&amp;data=%7B%22pubcode%22%3A%22725X1342%22%2C%22domains%22%3A%5B%22wordpress.com%22%5D%2C%22page%22%3A%22https%3A%2F%2Fvyeung.wordpress.com%2F2010%2F07%2F08%2Fssl-handshake-failed-certificate-validation-error-ssl0208e%2F%22%7D\" async=\"\" type=\"text\/javascript\"><\/script><\/p>\n<div id=\"page\" class=\"hfeed site\">\n<div id=\"main\" class=\"site-main\">\n<div id=\"primary\" class=\"content-area\">\n<div id=\"content\" class=\"site-content\">\n<article id=\"post-9\" class=\"post-9 post type-post status-publish format-standard hentry category-uncategorized\">\n<header class=\"entry-header\">\n<h1 class=\"entry-title\">SSL0208E IKEYMAN VeriSign\u00a0error<\/h1>\n<p>&nbsp;<br \/>\n<\/header>\n<p>SSL0208E IKEYMAN VeriSign error | v.yeung<script type=\"text\/javascript\">\/\/ <![CDATA[\nfunction addLoadEvent(func){var oldonload=window.onload;if(typeof window.onload!='function'){window.onload=func;}else{window.onload=function(){oldonload();func();}}}\n\/\/ ]]><\/script><script type=\"text\/javascript\">\/\/ <![CDATA[\nvar LoggedOutFollow = {\"invalid_email\":\"Your subscription did not succeed, please try again with a valid email address.\"};\n\/\/ ]]><\/script><script src=\"https:\/\/s2.wp.com\/_static\/??-eJyFj90OwiAMhV9IJJvzwgvjs2yjI0WgSEGiTy9L1MS5aNKkf985aWUJAv1oswKWpsYlQ7w909bwRv4ChEMd+wRbh\/4Fj+QT+DSzjga0IDJD7HWdVaOJVrhAnBwwV2hl+3kS+itC+YsZSKEfzyIC4\/3LdbCkRbBZo2dZaw2KchITWUtFFlQa0lLj8lsRwdanlZjvXnRVdXLHput2bdscmr15AHGYhE4=\" type=\"text\/javascript\"><\/script><!-- [if lt IE 8]>\n\t\t<link rel='stylesheet' id='highlander-comments-ie7-css' href='https:\/\/s2.wp.com\/wp-content\/mu-plugins\/highlander-comments\/style-ie7.css?m=1351637563g&#038;ver=20110606' type='text\/css' media='all' \/>\n<![endif]--> <!-- Jetpack Open Graph Tags --><script src=\"\/\/c.amazon-adsystem.com\/aax2\/amzn_ads.js\" type=\"text\/javascript\"><\/script><script type=\"text\/javascript\">\/\/ <![CDATA[\ntry { amznads.getAds(\"3033\"); } catch(e) { \/* ignore *\/ }\n\/\/ ]]><\/script><script src=\"https:\/\/aax.amazon-adsystem.com\/e\/dtb\/bid?src=3033&amp;u=https%3A%2F%2Fvyeung.wordpress.com%2F2010%2F07%2F08%2Fssl-handshake-failed-certificate-validation-error-ssl0208e%2F&amp;cb=337955\" type=\"text\/javascript\"><\/script><script type=\"text\/javascript\">\/\/ <![CDATA[\nvar a9_p = amznads.getKeys(),\n\t\t_ipw_custom = {\n\t\t\twordAds: '0',\n\t\t\tadSafe: '0',\n\t\t\tdomain: 'vyeung.wordpress.com',\n\t\t\tpageURL: 'https:\/\/vyeung.wordpress.com\/2010\/07\/08\/ssl-handshake-failed-certificate-validation-error-ssl0208e\/'\n\t\t};\n\t\tif(\"undefined\"!=typeof a9_p&#038;&#038;\"\"!=a9_p&#038;&#038;null!==a9_p&#038;&#038;\"[object Array]\"===Object.prototype.toString.call(a9_p)){var a=\"\",b=0,c=a9_p.length;a9_p.sort();for(var d=0;d<c;d++){a9_p[d-b]=a9_p[d-b].replace(\/a1x6p\/,\"a160x600p\");var e=a9_p[d-b].split(\"p\");e[0]==a&#038;&#038;(a9_p.splice(d-b,1),b++);a=e[0]}_ipw_custom.amznPay=a9_p};document.close();\n\/\/ ]]><\/script><!-- IPONWEB header script --><script type=\"text\/javascript\">\/\/ <![CDATA[\nwindow.__ATA = {\n\t\t\t\tscriptSrc: '\/\/s.pubmine.com\/showad.js',\n\t\t\t\tslotPrefix: 'automattic-id-',\n\t\t\t\tinitAd: function(o) {\n\t\t\t\t\tvar o = o || {},\n\t\t\t\t\t\tg = window,\n\t\t\t\t\t\td = g.document,\n\t\t\t\t\t\twr = d.write,\n\t\t\t\t\t\tid = g.__ATA.id();\n\t\t\t\t\twr.call(d, '\n\n\n\n\n<div id=\"' + id + '\" data-section=\"' + (o.sectionId || 0) + '\"' + (o.type ? ('data-type=\"' + o.type + '\"') : '') + ' ' + (o.forcedUrl ? ('data-forcedurl=\"' + o.forcedUrl + '\"') : '') + '>');\n\t\t\t\t\tg.__ATA.displayAd(id);\n\t\t\t\t\twr.call(d, '<\/div>\n\n\n\n\n');\n\t\t\t\t},\n\t\t\t\tdisplayAd: function(id) {\n\t\t\t\t\twindow.__ATA.ids = window.__ATA.ids || {};\n\t\t\t\t\twindow.__ATA.ids[id] = 1;\n\t\t\t\t},\n\t\t\t\tcustomParams: _ipw_custom,\n\t\t\t\tid: function() {\n\t\t\t\t\treturn window.__ATA.slotPrefix + (parseInt(Math.random() * 10000, 10) + 1 + (new Date()).getMilliseconds());\n\t\t\t\t}\n\t\t\t};\n\t\t\t(function(d, ata) {\n\t\t\t\tvar pr = \"https:\" === d.location.protocol ? \"https:\" : \"http:\",\n\t\t\t\t\tsrc = pr + ata.scriptSrc,\n\t\t\t\t\tst = \"text\/javascript\";\n\t\t\t\td.write('<scr' + 'ipt type=\"' + st + '\" src=\"' + src + '\"><\\\/scr' + 'ipt>');\n\t\t\t})(window.document, window.__ATA);\n\/\/ ]]><\/script><script src=\"https:\/\/s.pubmine.com\/showad.js\" type=\"text\/javascript\"><\/script><script type=\"text\/javascript\">\/\/ <![CDATA[\njQuery(window).ready(function () { jQuery(\"a.wpa-about\").text(\"About these ads\"); });\n\/\/ ]]><\/script><script type=\"text\/javascript\">\/\/ <![CDATA[\nwindow.google_analytics_uacct = \"UA-52447-2\";\n\/\/ ]]><\/script><script type=\"text\/javascript\">\/\/ <![CDATA[\nvar _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-52447-2']); _gaq.push(['_setDomainName', 'wordpress.com']); _gaq.push(['_initData']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text\/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https:\/\/ssl' : 'http:\/\/www') + '.google-analytics.com\/ga.js'; (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(ga); })();\n\/\/ ]]><\/script><script src=\"https:\/\/ssl.google-analytics.com\/ga.js\" async=\"\" type=\"text\/javascript\"><\/script><script src=\"\/\/r.skimresources.com\/api\/?callback=skimlinksApplyHandlers&amp;data=%7B%22pubcode%22%3A%22725X1342%22%2C%22domains%22%3A%5B%22freehostingtips.weebly.com%22%2C%22gravatar.com%22%2C%22taste-e-juice.ca%22%2C%22sthsweet.com%22%5D%2C%22page%22%3A%22https%3A%2F%2Fvyeung.wordpress.com%2F2010%2F07%2F08%2Fssl-handshake-failed-certificate-validation-error-ssl0208e%2F%22%7D\" async=\"\" type=\"text\/javascript\"><\/script><script src=\"\/\/r.skimresources.com\/api\/?callback=skimlinksApplyHandlers&amp;data=%7B%22pubcode%22%3A%22725X1342%22%2C%22domains%22%3A%5B%22wordpress.com%22%5D%2C%22page%22%3A%22https%3A%2F%2Fvyeung.wordpress.com%2F2010%2F07%2F08%2Fssl-handshake-failed-certificate-validation-error-ssl0208e%2F%22%7D\" async=\"\" type=\"text\/javascript\"><\/script><\/p>\n<div id=\"page\" class=\"hfeed site\">\n<div id=\"main\" class=\"site-main\">\n<div id=\"primary\" class=\"content-area\">\n<div id=\"content\" class=\"site-content\">\n<article id=\"post-9\" class=\"post-9 post type-post status-publish format-standard hentry category-uncategorized\">\n<div class=\"entry-content\">\n<p>Upon installing the certificates received back from VeriSign, the following error may be shown in the error_log when trying to access the site via https:<\/p>\n<p><code>[Tue Jun 29 10:34:37 2010] [error] [client 10.64.136.75] [e6968ff8] [10436] SSL0208E: SSL Handshake Failed, Certificate validation error. [10.64.136.75:1596 -&gt; 10.34.77.5:443] [10:34:37.000732098]<\/code><\/p>\n<p>The error: SSL0208E signifies that a particular certificate may be missing from the chain. There is no easy way to find out which certificate is missing however and more advanced logging must be enabled.<\/p>\n<p>In the <span class=\"skimlinks-unlinked\">httpd.conf<\/span> file, add a line at the end of the log file:<\/p>\n<p>SSLTrace<\/p>\n<p>So your <span class=\"skimlinks-unlinked\">httpd.conf<\/span> file may look something like this:<\/p>\n<p><code>LoadModule ibm_ssl_module modules\/mod_ibm_ssl.so<br \/>\nListen 443<br \/>\n&lt; VirtualHost *:443&gt;<br \/>\nSSLEnable<br \/>\n&lt; \/VirtualHost&gt;<br \/>\nKeyFile \/IBM\/HTTPServer\/keydatabase.kdb<br \/>\nSSLDisable<br \/>\nSSLTrace<\/code><\/p>\n<p>Stop and restart apache server using apachectl and try to access the site again via https. A new log file under the logs directory will now be written called gsktrace_log.<\/p>\n<p>Most of gsktrace_log will be unreadable however searching for a few keywords will reveal more detailed information on what certificate may be missing in the chain.<\/p>\n<p>In particular look for the \u201cCert1\u201d term and then the log detail below that. An example of a part of a gsktrace_log is detailed here:<br \/>\n<code><br \/>\nGSKNativeValidator - Current built chain:<br \/>\nCert1<br \/>\nDN: OU=www.verisign.com\/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\\, Inc.,O=VeriSign Trust Network<br \/>\nS#: 0x1234567890d02f0f926098233f9fffff<br \/>\nCert2<br \/>\nDN: CN=yourdomain.com,O=YOUR ORGANISATION NAME LTD,L=Sydney,ST=New South Wales,C=AU<br \/>\nS#: 0x3cc123f1a15b60a733cdc01234567890<br \/>\n<em>.........<\/em><br \/>\nGSKMemoryDataSource - Looking for :<br \/>\nOU=Class 3 Public Primary Certification Authority,O=VeriSign\\, Inc.,C=US<br \/>\n<em>.........<\/em><br \/>\nGSKMemoryDataSource - Trying:<br \/>\n<\/code><code>CN=yourdomain.com,O=YOUR ORGANISATION NAME LTD,L=Sydney,ST=New South Wales,C=AU<\/code><br \/>\n<code><em>.........<br \/>\n&lt; and finally...&gt;<\/em><br \/>\n<em>... <\/em>Dead End! Couldn't find any (more) issuer certificates. ...<br \/>\n<\/code><\/p>\n<p>The section \u201cLooking for :\u201d gives a clue on the certificate that may be missing in your chain that is causing the SSL0208E error. In this particular case, the \u201cClass 3 Public Primary Certification Authority\u201d certificate is missing within IKEYMAN. The solution to this problem was to download and install the correct Root certificate from VeriSign and install it into IKEYMAN (<em>Just do a search for the certificate on Google<\/em>). Once the httpserver was stopped and started back up, https was up and working.<\/p>\n<\/div>\n<\/article>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/article>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>SSL0208E IKEYMAN VeriSign error \/\/ \/\/ \/\/ \/\/ \/\/ \/\/ <\/p>\n<p> SSL0208E IKEYMAN VeriSign error <\/p>\n<p>&nbsp; <\/p>\n<p>SSL0208E IKEYMAN VeriSign error | v.yeung\/\/ \/\/ \/\/ \/\/ \/\/ \/\/ \/\/ \/\/ <\/p>\n<p>Upon installing the certificates received back from VeriSign, the following error may be shown in the error_log when trying to access the site via https:<\/p>\n<p> [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[19],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5385"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5385"}],"version-history":[{"count":2,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5385\/revisions"}],"predecessor-version":[{"id":5387,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5385\/revisions\/5387"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5385"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5385"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5385"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}