Q: Do you have any suggestions to follow or things to consider as we try to conquer this SSL handshake error?
A: Yes, I bet that the certificate that you "think" is being provided isn't actually being used.
For example, say that your cert keystore contains 2 "valid" (unexpired) certificates. It is almost impossible for them to expire at the same instant, so we have the following kind of scenario:
- Imagine that you have the 2 certificates shown below, with #2 being the "newest"
- Until #1 expires, it will continue to be used, because it is valid, and because it is marked as the "default" certificate.
If your client machine only has, or is configured to expect, certificate #2 from the server, then you are going to get the problem that you describe above.
Does this make sense?
 # | Valid From            | Valid Until           | Default?
---+-----------------------+-----------------------+----------
 1 | 01/01/2008 @ 00:00:00 | 12/31/2009 @ 23:59:59 | Yes
---+-----------------------+-----------------------+----------
 2 | 07/01/2008 @ 00:00:00 | 06/30/2009 @ 23:59:59 | No
---+-----------------------+-----------------------+----------
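One way to confirm which keystore entry the server really presents is to fingerprint the certificate it sends and compare it with each exported entry. This is an added example, not part of the original answer; the function names, the `KEYSTORE` mapping and its placeholder contents are assumptions made for illustration.

```python
import hashlib
import ssl
import sys


def fingerprint(pem: str) -> str:
    """SHA-256 over the certificate's DER bytes, as lowercase hex."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def fetch_presented_cert(host: str, port: int = 443) -> str:
    """Return the leaf certificate the server sends, as PEM (not validated)."""
    return ssl.get_server_certificate((host, port))


def served_entry(presented_pem: str, keystore: dict) -> str:
    """Label of the keystore entry the server presented, or 'unknown'."""
    seen = fingerprint(presented_pem)
    for label, pem in keystore.items():
        if fingerprint(pem) == seen:
            return label
    return "unknown"


def check(presented_pem: str, keystore: dict, client_expects: str):
    """Return (entry actually served, whether it is the one the client expects)."""
    served = served_entry(presented_pem, keystore)
    return served, served == client_expects


# Constructed stand-ins for the two keystore entries in the table above.
# These are placeholder bytes wrapped in PEM armor, not real certificates;
# in practice, export each entry from the server keystore as PEM.
KEYSTORE = {
    "1": ssl.DER_cert_to_PEM_cert(b"constructed stand-in for certificate #1 (default)"),
    "2": ssl.DER_cert_to_PEM_cert(b"constructed stand-in for certificate #2 (newest)"),
}

if __name__ == "__main__":
    # With a host argument, inspect a live server; otherwise replay the
    # scenario from the answer, where the default entry #1 is what gets sent.
    presented = fetch_presented_cert(sys.argv[1]) if len(sys.argv) > 1 else KEYSTORE["1"]
    served, ok = check(presented, KEYSTORE, client_expects="2")
    print(f"server presented entry {served}; client expects 2; match={ok}")
```

A result of `unknown` means the server is sending a certificate that is in neither exported entry, which points at a different keystore or listener than the one being examined.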