Troubleshooting SSL Handshake Error

SSL Handshake Error

An SSL handshake error occurs when a secure connection cannot be established to the URL added for monitoring. Common causes are a wrong SSL protocol version, incompatible ciphers, and an invalid or missing client-side certificate.

Check if the URL is accessible

Ensure that the URL added for monitoring is accessible from the server where Applications Manager is installed. Check if the URL can be accessed over https:// in an incognito/private browser window.
You can also check if a URL is accessible by using cURL/Wget.
Navigate to the edit monitor page, change the protocol version to "Auto", poll the monitor a couple of times, and check. This allows Applications Manager to pick the most appropriate protocol and helps avoid an SSL handshake error caused by a wrong SSL protocol version. If this does not solve the issue, follow the steps mentioned below.
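To tell a network-level failure apart from a handshake failure, and to see which protocol versions the target accepts, the following Python script can be run on the Applications Manager server. It is an added example, not part of Applications Manager: it uses Python's OpenSSL-based ssl module rather than the product's Java runtime, so the cipher it negotiates may differ from what Applications Manager offers, and the function names and timeout default are assumptions.

```python
import socket
import ssl

# TLS versions tried one at a time (those a current Python/OpenSSL build allows).
VERSIONS = {
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}

def probe(host, port=443, version=None, timeout=5.0):
    """Attempt one handshake and return (status, detail).

    status is 'ok', 'unreachable' (TCP-level failure: check access and
    proxy settings) or 'handshake_failed' (protocol or cipher mismatch,
    or the server insists on a client certificate).
    """
    ctx = ssl.create_default_context()
    # Certificate validation is switched off on purpose: this probe only
    # asks whether a protocol version and cipher can be agreed.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    if version is not None:
        ctx.minimum_version = ctx.maximum_version = VERSIONS[version]
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "unreachable", str(exc)
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", f"{tls.version()} {tls.cipher()[0]}"
    except (ssl.SSLError, OSError) as exc:
        sock.close()
        return "handshake_failed", str(exc)

def survey(host, port=443):
    """Probe with automatic negotiation first, then each pinned version."""
    results = {"Auto": probe(host, port)}
    for name in VERSIONS:
        results[name] = probe(host, port, name)
    return results

if __name__ == "__main__":
    # www.example.com is the sample domain used on this page.
    for name, (status, detail) in survey("www.example.com").items():
        print(f"{name:8} {status:17} {detail}")
```

If "Auto" succeeds while a pinned version fails, the monitor's protocol setting is the likely cause; if every row fails at the handshake, move on to the cipher and client-certificate checks.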

Enable more ciphers

Applications Manager Version: 14760 and above
Troubleshooting step: Navigate to Admin > Global Settings > Check "Enable weaker ciphers and algorithms" > Click Save. Restart Applications Manager and poll the monitor 1-2 times and check.

Applications Manager Version: 14270-14750
Troubleshooting step: Navigate to [Applications Manager Home] > working > jre > lib > security. Here, take a backup of the java.security file. After this, apply the patch named "Java_Security_Patch" which is attached. Restart Applications Manager, poll the monitor a couple of times, and check.

Applications Manager Version: 14260 and before
Troubleshooting step: Follow these steps to upgrade the JCE jars. After completing the steps mentioned, restart Applications Manager and poll the monitor 1-2 times and check.

The above steps address the incompatible-ciphers issue by enabling ciphers that are not supported by default.

Check client-side certificate

If the URL uses client-side authentication (also known as two-way authentication), ensure that the client certificate applied has not expired and that the password added in the monitor is correct. You can check if the client certificate is present by navigating to [Applications Manager Home] > working > Cert > URL. Here, check for the presence of the client certificate file. If the file is not present, try updating the monitor with the certificate file.

Check proxy settings

Check if you have a proxy enabled. If you do, bypass the proxy for the domain of the URL and poll the monitor a couple of times.
To bypass the proxy for the domain of the URL, navigate to Admin > Connectivity > Proxy Server > "Do not use a proxy for addresses beginning with". Here, enter the domain of your URL. For example, if the URL is https://www.example.com/sampleURI, enter "www.example.com;" in the field.
