Ask a Question
Log In / Sign Up
Resources
Ask a Question
Log In Sign Up

javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca

matijap
New Member
‎10-15-2021 10:00 AM
‎10-15-2021 10:00 AM

javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca

Hi all.

 

I'm trying to connect to my service, which is under client certificate authorization, even though key store is successfully recognized, which I see in logs I still cannot connect to my service. Over tools like Postman it works.

 

I get this error:

  • Fri Oct 15 18:50:30 CEST 2021:ERROR:Exception in request: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca

Trust store works:

  • Fri Oct 15 18:50:18 CEST 2021:INFO:Updating keyStore..
  • Fri Oct 15 18:50:18 CEST 2021:INFO:Initializing KeyStore

Thank you for you help

Labels:
0 Kudos
2 REPLIES 2
richie
Community Hero
Community Hero
‎10-17-2021 05:46 AM
‎10-17-2021 05:46 AM

Hey @matijap,

There is a stackoverflow post that states i

"If you get an alert unknown_ca back from the server, then the server did not like the certificate you've send as the client certificate, because it is not signed by a CA which is trusted by the server for client certificates."

Also, just in case the above info doesnt help (although i expect it to), whenever i have an issue in soapui/readyapi that works fine in postman/insomnia, i always do a comparison of the requests RAW details from Postman/insomnia relative to the request details in soapui/readyapi as more often than not, the difference in the requests headers indicate the cause in some way.

So, try this.

1. Run request in Postman and grab the RAW request details and save them for later.
2. Run the same request in soapui/readyapi and grab the RAW request details and save them.
3. Publish the RAW details here (of both requests) people can then help with the comparison to help resolve the problem.

Cheers,

Rich
if this helped answer the post, could you please mark it as 'solved'? Also if you consider whether the title of your post is relevant? Perhaps if the post is solved, it might make sense to update the Subject header field of the post to something more descriptive? This will help people when searching for problems. Ta
0 Kudos
KarelHusa
Champion Level 3
Champion Level 3
‎10-20-2021 11:34 PM
‎10-20-2021 11:34 PM

Hi @matijap ,

@richie 's suggestion might definitelly help. 

 

Maybe detailed logging could help to doublecheck the SSL handshake. (Do you use the very same keystore in SoapUI and Postman? Is your server address equal in Postman and SoapUI?)

 

You can add to your bin/SoapUI-5.6.0.vmoptions the following lines:

-Djavax.net.debug=ssl:record:plaintext
-Djavax.net.debug=ssl:handshake:verbose

 

Then if you restart SoapUI and visit bin/error.log, you will see the communication details step by step. 

 

Best regards,

Karel

 

Karel@apimate.eu
https://apimate.eu
0 Kudos
Subscribe
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: