TLS/SSL handshake failed after upgrade and unable to log into the Management UI with admin

Article ID: 387697


Products

CA Directory

Issue/Introduction

After upgrading to 14.1 SP06 on both servers, logging into the Management UI with the admin user fails.

<IP1> is primary.

The same errors are logged on both servers:

[9] 20250129.110155.328 WARN : TLS/SSL handshake failed for call from <IP1>:57990
[3] 20250129.110355.802 WARN : TLS/SSL handshake failed for call from <IP1>:38680
[4] 20250129.110556.268 WARN : TLS/SSL handshake failed for call from <IP1>:51566
[8] 20250129.110756.736 WARN : TLS/SSL handshake failed for call from <IP1>:59840
[6] 20250129.110914.857 WARN : Bind: Authenticated binds only accepted over SSL
[2] 20250129.110957.202 WARN : TLS/SSL handshake failed for call from <IP1>:49780
[0] 20250129.111004.232 WARN : TLS/SSL handshake failed for call from <IP1>:39642
[64] 20250129.111101.802 WARN : Disabling cache prior to exit
[64] 20250129.111110.376 WARN : 'min-auth'/'authentication' is deprecated. Minimum setting in auth-levels is considered as min-auth.
[64] 20250129.111110.376 WARN : password-allow-ignore-suspended is a global property
[64] 20250129.111110.376 WARN : Loading cache
[64] 20250129.111110.378 WARN : Datastore was created at: 20250129084933Z
[64] 20250129.111110.378 WARN : Datastore was created for: <host name>-management-ui
[64] 20250129.111110.379 WARN : Cache loaded, 31 entries
[64] 20250129.111110.380 WARN : Memory used by cache: 1610032 + 2892165
[64] 20250129.111110.381 WARN : Found new MW DSA: <host name>-management-ui
[6] 20250129.111110.724 WARN : DSP: Remote DSA '<host name>-management-ui' refused BIND
[6] 20250129.111110.724 WARN : Marking DSA '<host name>-management-ui' as down
[3] 20250129.111128.325 WARN : TLS/SSL handshake failed for call from <IP2>:37712

Environment

CA Directory 14.1 SP06

Cause

Extra or duplicate .pem files exist in the dxserver personalities folder:

Windows: %DXHOME%\config\ssld\personalities
Linux: $DXHOME/config/ssld/personalities

There should be one of each of the following files for each DSA in the environment:

*-.imps-router.pem
*-.impd-notify.pem
*-.impd-main.pem
*-.impd-inc.pem
*-.impd-co.pem

and a single dxadmin.pem.

So, in an environment with 2 DSAs named 'DSA_01' and 'DSA_02', the \personalities\ folder would contain:

DSA_01-imps-router.pem
DSA_01-impd-notify.pem
DSA_01-impd-main.pem
DSA_01-impd-inc.pem
DSA_01-impd-co.pem

DSA_02-imps-router.pem
DSA_02-impd-notify.pem
DSA_02-impd-main.pem
DSA_02-impd-inc.pem
DSA_02-impd-co.pem

dxadmin.pem

You can use the following commands to identify which DSAs are available when reviewing the \personalities\ folder:

dxserver status 
dxcertget report
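
A read-only way to run this check on Linux, as an added example that is not part of the original article or the product's tooling: it compares the .pem files in the personalities folder against the expected list above and reports extras and missing files. The name prefixes are passed as arguments (DSA_01 and DSA_02 are the article's sample names) and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: read-only audit of the ssld personalities folder.
# The five suffixes are the per-DSA files listed in the article.
SUFFIXES="imps-router impd-notify impd-main impd-inc impd-co"

# expected_pems PREFIX... : print the file names that should exist,
# one per line (five per prefix plus a single dxadmin.pem).
expected_pems() {
    for prefix in "$@"; do
        for suffix in $SUFFIXES; do
            printf '%s-%s.pem\n' "$prefix" "$suffix"
        done
    done
    printf 'dxadmin.pem\n'
}

# audit_personalities DIR PREFIX... : print "EXTRA name" for every .pem in
# DIR that is not expected and "MISSING name" for every expected file that
# is absent. Nothing is modified or deleted.
# Returns 0 when the folder matches the expected set, 1 otherwise.
# Assumption: prefixes contain no whitespace.
audit_personalities() {
    dir=$1; shift
    expected=$(expected_pems "$@")
    rc=0
    for f in "$dir"/*.pem; do
        [ -e "$f" ] || continue            # glob matched nothing
        name=${f##*/}
        # -F fixed string, -x whole-line match: no partial or regex matches
        if ! printf '%s\n' "$expected" | grep -Fxq -- "$name"; then
            printf 'EXTRA %s\n' "$name"
            rc=1
        fi
    done
    for name in $expected; do
        if [ ! -e "$dir/$name" ]; then
            printf 'MISSING %s\n' "$name"
            rc=1
        fi
    done
    return $rc
}

# Usage, with the article's sample names:
#   audit_personalities "$DXHOME/config/ssld/personalities" DSA_01 DSA_02
```

Review each EXTRA entry (for example a backup copy left behind by the upgrade) before removing it, and keep a copy outside the personalities folder.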



Please reach out to support if there are any questions or for assistance.

Resolution

Remove the unnecessary .pem file(s) from the \CA\Directory\dxserver\config\ssld\personalities\ folder.