SSL/TLS handshake problem RRS feed

  • Question

  • I am trying to test an AS2 connection over HTTPS with a partner. We keep getting this message:
    "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
    The trading partner certificate has been installed in the appropriate stores.
    In their root certificate, Details tab, their is a warning symbol next to "Basic Constraints". The values are:
    Subject Type=CA
    Path Length Constraint=None
    There is a warning next to "Key Usage". The values are:
    Digital Signature, Non-Repudiation, Certificate Signing, Off-line CRL Signing, CRL Signing (c6)
    Again at the lowest part of the chain, there is a warning at "Key Usage". Values:
    Digital Signature, Key Encipherment (a0)
    What is preventing us from getting a proper handshake?
     Also, while examining their certificate we have noticed that the CN does not match the URI. We are wondering if they should re-issue the certificate?
    Monday, November 14, 2011 4:57 PM

All replies

  • Is the trade partner doing any type of IP filtering? Make sure that you do not have to register the IP address on their side. Otherwise, you will not be able to connect.
    Please Indicate "Mark as Answer" if this Post has Answered the Question
    Tuesday, November 15, 2011 12:59 PM
  • Hello Carlos,

    They have made firewall changes and they have told us they see our request. The interesting thing is that our firewall is handled by HP which directs all outbound request through a separate IP to our inbound IP. Our inbound IP matches our domain. So you have made me think of an interesting point. Even though they have registered both IPs in their firewall, they may be having difficulty matching our outbound IP with our domain.



    Tuesday, November 15, 2011 2:26 PM