matijap
New Member
4 years ago

javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca

Hi all.

I'm trying to connect to my service, which is under client certificate authorization. Even though the key store is successfully recognized, which I see in the logs, I still cannot connect to my service. With tools like Postman it works.

 

I get this error:

  • Fri Oct 15 18:50:30 CEST 2021:ERROR:Exception in request: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca

Trust store works:

  • Fri Oct 15 18:50:18 CEST 2021:INFO:Updating keyStore..
  • Fri Oct 15 18:50:18 CEST 2021:INFO:Initializing KeyStore

Thank you for your help

  • richie
    Community Hero
    Hey matijap,

    There is a Stack Overflow post that states:

    "If you get an alert unknown_ca back from the server, then the server did not like the certificate you've sent as the client certificate, because it is not signed by a CA which is trusted by the server for client certificates."

    Also, just in case the above info doesn't help (although I expect it to), whenever I have an issue in soapui/readyapi that works fine in postman/insomnia, I always do a comparison of the request's RAW details from Postman/insomnia relative to the request details in soapui/readyapi, as more often than not the difference in the request headers indicates the cause in some way.

    So, try this.

    1. Run request in Postman and grab the RAW request details and save them for later.
    2. Run the same request in soapui/readyapi and grab the RAW request details and save them.
    3. Publish the RAW details (of both requests) here; people can then help with the comparison to help resolve the problem.

    Cheers,

    Rich
  • KarelHusa
    Champion Level 1

    Hi matijap,

    richie's suggestion might definitely help.

    Maybe detailed logging could help to double-check the SSL handshake. (Do you use the very same keystore in SoapUI and Postman? Is your server address equal in Postman and SoapUI?)

    You can add to your bin/SoapUI-5.6.0.vmoptions the following lines:

    -Djavax.net.debug=ssl:record:plaintext
    -Djavax.net.debug=ssl:handshake:verbose

     

    Then if you restart SoapUI and visit bin/error.log, you will see the communication details step by step. 

     

    Best regards,

    Karel
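
Added example, not part of any post in this thread: since unknown_ca means the server does not trust the issuer of the client certificate it received, this small Java program lists the certificate chain each private-key entry in a keystore would present, so it can be compared with the keystore used in Postman and with the CAs the server accepts. The class name ClientChainCheck and its command-line arguments are assumptions made for illustration.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Hypothetical usage: java ClientChainCheck client.p12 PKCS12
public class ClientChainCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length < 1 || console == null) {
            System.err.println("usage (interactive): java ClientChainCheck <keystore> [PKCS12|JKS]");
            System.exit(2);
        }
        // Prompt for the password so it does not end up in shell history.
        char[] password = console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance(args.length > 1 ? args[1] : "PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // trusted-certificate entries are never sent as a client cert
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null || chain.length == 0) {
                System.out.println(alias + ": key entry without a certificate chain");
                continue;
            }
            System.out.println("alias: " + alias + " (chain length " + chain.length + ")");
            for (int i = 0; i < chain.length; i++) {
                X509Certificate c = (X509Certificate) chain[i];
                System.out.println("  [" + i + "] subject: " + c.getSubjectX500Principal());
                System.out.println("      issuer : " + c.getIssuerX500Principal());
                try {
                    c.checkValidity(); // throws if expired or not yet valid
                } catch (CertificateException e) {
                    System.out.println("      WARNING: " + e.getMessage());
                }
            }
            // The server must trust this issuer (or a CA above it) for client certificates.
            X509Certificate top = (X509Certificate) chain[chain.length - 1];
            boolean selfIssued = top.getSubjectX500Principal().equals(top.getIssuerX500Principal());
            System.out.println("  top of chain issued by: " + top.getIssuerX500Principal()
                    + (selfIssued ? " (self-issued)" : " (issuer certificate not in this entry)"));
        }
    }
}
```

A chain of length 1 whose issuer is an intermediate CA is worth checking first: the server then has to know that intermediate itself in order to build a path to a CA it trusts.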