SCA chained certs

Unanswered Question
Nov 2nd, 2009
User Badges:

I've got an older CSS-SCA-2FE-K9. We used to get our certs via VeriSign, and than switched to Entrust.

I've repeated this conversion process several times as our Verisign certs expired.

Whenever I've submitted a CSR, I always received a single file back containing the new cert. This time around, I actually received 2 file from Entrust. One is "xxxSSLCert.txt", the other is "xxxCrossCert.txt".

Not bieng familiar with anything "Cross" related, I applied the "SSLCert" file to my SCA, associated it and the corresponding key to my SSL server, and all appears to be fine.

I use the same cert for 3 environments (production, development, and test). I applied the new cert/key to both development and test. The development system works fine, but the Test system has stopped.

When I do a "show ssl sessions" on the SCA, I see the following:

For 'wasportaltest':

SSL New Accepts - Started (NAS): 5

SSL Reneg - Requested (RR): 0

SSL New Accept/Renegot - Finished (AF): 0

SSL v2 New Accepts - Started (V2AS): 0

SSL v2 New Accept/Renegot - Finished (V2AF): 0

SSL Session Lookup Misses (SLM): 0

Reuse Attempt on Timed Out Session (RATS): 0

Session Removed Due to Full Cache: (SRFC) 0

Session Reuse Actually Done (SRAD): 0


Sorry for the output formatting. But the only counter that increments is the first one. The folks testing the system tell me they see SSL Handshake errors.

I can't figure out why one system works, and the other does not when the only thing that changed was I pointed both SSL servers to the new cert/key pair. If there was an issue with the pair, I would expect some sort of error message.

Like I said, I've done this many times in the past with no problems. It's usually a prett seamless process. The only different thing this time around is I received 2 certs in response to my CSR.

Anybody familair with this siutation? Mayeb somebody could point me in a direction to resolve this...Certificate Groups?!?!?!



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion