The certificate subject name must be the same as the host name (case sensitive). For example, if the Service Broker runs on the host xyz and uses a server certificate with subject name XYZ, all clients trying to establish an SSL connection using xyz as the host name will fail.
There are a number of error scenarios when parsing the configuration file. All of these are related to missing or incorrect information. Parse errors are also logged in the Service Broker log with a description of the problem and the line number where the problem is located. The location information is only a rough pointer to the problem, because the counter only counts handled configuration lines (empty lines and comments are not counted). If the error is a missing or incorrect parameter, it is not detected until the next END_SECURITY_CONFIGURATION is found. In these scenarios the row counter does not point to the failing parameter but to the END_SECURITY_CONFIGURATION line. The error text can give you more information about the real problem.
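The following helper is an added example, not part of the Service Broker product or its documentation. It translates a line number from the log back to the physical line (or block of lines) in the file. It assumes that comments start with "#" and that the logged counter is 1-based, neither of which is stated above; the sample file content is constructed and its parameter lines are placeholders.

```python
END_MARKER = "END_SECURITY_CONFIGURATION"  # keyword named on the page

def handled_lines(text, comment_prefix="#"):
    """Return (physical_line_no, text) for each line the parser counts.
    Assumption: comments start with comment_prefix (syntax not on the page)."""
    out = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line and not line.startswith(comment_prefix):
            out.append((no, line))
    return out

def locate(text, logged_line, comment_prefix="#"):
    """Map a logged line number to the physical line range to inspect.
    Assumption: the logged counter is 1-based."""
    lines = handled_lines(text, comment_prefix)
    if not 1 <= logged_line <= len(lines):
        raise ValueError(f"logged line {logged_line} outside 1..{len(lines)}")
    idx = logged_line - 1
    phys, content = lines[idx]
    if content != END_MARKER:
        return phys, phys
    # Error reported on the END line: the bad or missing parameter is
    # somewhere in this block, so walk back to the previous END marker.
    start = idx
    while start > 0 and lines[start - 1][1] != END_MARKER:
        start -= 1
    return lines[start][0], phys

# Constructed sample; the parameter lines are placeholders, not real syntax.
SAMPLE = """\
# first binding

PLACEHOLDER_PARAM_1 value
PLACEHOLDER_PARAM_2 value

END_SECURITY_CONFIGURATION
# second binding
PLACEHOLDER_PARAM_3 value

END_SECURITY_CONFIGURATION
"""

if __name__ == "__main__":
    for n in (2, 3, 5):
        print(n, "->", locate(SAMPLE, n))
```

When the logged line is an END_SECURITY_CONFIGURATION line, the returned range covers the whole block that the error text has to be matched against.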
The Service Broker identifies its SSL server and SSL client through two predefined names. The SSL server port binding must be named SERVICE_BROKER_SSL_SERVER, and the SSL client port binding must be named SERVICE_BROKER_SSL_CLIENT. See The Service Broker security configuration file above.