We have IBM Domino / Notes server that needs to connect to another server in our organization via HTTPS. Few days ago we've changed certificate on that server and loaded new certificate to ibm server (into cacerts and into internet certificate list in ibm administrator). Since that, we have the following errors:
- Exception on HttpConnector.sendPostRequest with stack:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: 5950
at com.ibm.jsse2.o.a(o.java:8)
...
at http.HttpConnector.send(Unknown Source)
at http.HttpConnector.sendPostRequest(Unknown Source)
Caused by: java.security.cert.CertificateException: 5950
at com.ibm.domino.napi.ssl.DominoX509TrustManager.checkServerTrusted(DominoX509TrustManager.java:98)
at com.ibm.jsse2.lb.a(lb.java:30)
... 19 more
- Error in error-log-0.xml with text:
Certificate with subject [certificate info, see further] is not trusted. Validation failed with error 5950.
But, the certificate info is about the old certificate - the one that is not used anymore.
So, somehow Domino thinks that it needs to use the old certificate, not the new one. But, when I open the corresponding URL on Domino server via browser, it shows the new certificate.
What problem can it be and how to fix it? Thanks.
0 Answers