help me with handshake logs

Question

Hi,&nbsp;
&nbsp;I'm experienced error while third party was trying to connect to my service using client certificate. &nbsp;
&nbsp;I did tcpdump attached the result.&nbsp;
&nbsp;Can you help me to find the problem.&nbsp;

hoolio · Answer

Hi InfoSec, 
  
 The ssldump output shows the server rejected the client's certificate:

1 7  1293361272.9715 (0.0011)  S&gt;CV3.1(2)  Alert
    level           fatal
    value           handshake_failure

If you can get a copy of the client's cert and key, you could test this yourself.  The first thing I'd try is to use openssl s_client to check that the client cert is valid for the server cert. 
  
 http://www.openssl.org/docs/apps/s_client.html 
  
 Aaron

infosec_38553 · Answer

Thank you very much. 
&nbsp;  
&nbsp; This was very helpful the problem fixed now. 
&nbsp;  
&nbsp; Regards,

hoolio · Answer

Out of curiosity, what was the fix? 
&nbsp;  
&nbsp; Thanks, Aaron

infosec_38553 · Answer

Actually the problem was from the certificate itself signed in wrong way. 
&nbsp; This why it was reject by the server.

Forum Discussion

help me with handshake logs

Recent Discussions

AS3 Limitations

Help needed with iRule (connection closed log )

Use of SSL Decryption.

VLAN Failsafe Functionality

FTP PASV mode to Extended Passive mode

Related Content

SSL Profiles Part 1: Handshakes

TCP Internals: 3-way Handshake and Sequence Numbers Explained

Restricting number of concurrent TLS handshakes using Max Active Handshakes on BIG-IP

HTTPS - Monitor SSL Handshake

TCP 3-WAY Handshake vs TCP Half-Open

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS