Product: Xtradyne I-DBC

Version: ALL

Description:

SSLTransportHandshakeFailure

Solution:

The DBC Proxy detected an error while in SSL handshake mode (a phase of the SSL protocol).

This can have one of the following reasons:

• "unknown protocol": The client tries to connect with plain TCP to an SSL listener. In this case, the client should use SSL, or a plain TCP acceptor should be configured using the Admin Console (on the “External Interface” panel).
• "peer did not return a certificate": The client uses certificates that are not trusted by the DBC. During SSL handshake the DBC Proxy sends a list of DNs of trusted CA certificates to the client. The client sees that his certificate will not be trusted by the DBC and doesn’t return a certificate. Please append the client’s CA certificate to the DBC Proxy’s file of trusted CA certificates, see section “Making the DBC Proxy Trust External Certificates” on page 201 for details.
• "self signed certificate in chain": The client uses certificates that are not trusted by the DBC. During SSL handshake the DBC Proxy sends a list of DNs of trusted CA certificates to the client. Although the client has no valid certificate it returns a certificate chain. Please add the client’s CA certificate to the “trusted CA Certificates” file, see section “Making the DBC Proxy Trust External Certificates” on page 201 for details.
• "sslv3 alert certificate unknown": The client does not trust the DBC Proxy CA certificate. Please consult the manual of the client application on how to make the client trust the DBC Proxy CA certificate.
• "alert bad certificate at client": The communication partners use incompatible SSL versions. If you think that this is the reason for the handshake failure, please contact customer support.