865977 wrote:This means there are 3 certificates in the chain,most likely: the Root VeriSign Certificate, an Intermediate Verisign, and your server certificate.
Web Server and WAS Using same certificate issued by the Verisign.
WAS server certificate must be installed in the web server instance?
In the Web Server error log was "SSL_ERROR_HANDSHAKE_FAILURE_ALERT: SSL peer was unable to negotiate an acceptable set of security parameters"
connect to WAS using the openssl command the following message appears.
# openssl s_client -state -debug -verify 0 -connect xxx.xxx.xxx.xxx:443 > x
verify depth is 0
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=3 C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority
verify error:num=19:self signed certificate in certificate chainThis indicates that the CA is not known and needs to be imported into the trust database.
SSL3 alert write:fatal:unknown CA