Consider the following scenario:
You run an application that uses Session Integrator in Microsoft Host Integration Server 2010 to connect to an IBM mainframe by using the TN3270 service.
Session Integrator connects to TCP/IP port 992. This is the TN3270 port that supports Secure Sockets Layer (SSL).
The Session Integrator application is configured as CertificateCheck = TNCertificateCheck.None to indicate that the server certificate will not be verified.
In this scenario, if the certificate on the IBM mainframe is large, Session Integrator may return the following exception when it connects to the IBM mainframe system:
Microsoft.HostIntegration.SNA.Session.SessionException: Server certificate check failed
For example, this problem occurs when the certificate that is used for the TN3270 SSL connection is 4,000 bytes long. This problem does not occur when the certificate is 1,500 bytes long.
This problem occurs because Session Integrator incorrectly reads the certificate data.
Cumulative update information
The fix that resolves this issue is included in cumulative update package 6 for Host Integration Server 2010. For more information about how to obtain the cumulative update package, click the following article number to view the article in the Microsoft Knowledge Base:
2752426 Cumulative update package 6 for Host Integration Server 2010
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.