javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
Hi all.
I'm trying to connect to my service, which is under client certificate authorization, even though key store is successfully recognized, which I see in logs I still cannot connect to my service. Over tools like Postman it works.
I get this error:
- Fri Oct 15 18:50:30 CEST 2021:ERROR:Exception in request: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
Trust store works:
- Fri Oct 15 18:50:18 CEST 2021:INFO:Updating keyStore..
- Fri Oct 15 18:50:18 CEST 2021:INFO:Initializing KeyStore
Thank you for you help
- Labels:
-
SOAP
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There is a stackoverflow post that states i
"If you get an alert unknown_ca back from the server, then the server did not like the certificate you've send as the client certificate, because it is not signed by a CA which is trusted by the server for client certificates."
Also, just in case the above info doesnt help (although i expect it to), whenever i have an issue in soapui/readyapi that works fine in postman/insomnia, i always do a comparison of the requests RAW details from Postman/insomnia relative to the request details in soapui/readyapi as more often than not, the difference in the requests headers indicate the cause in some way.
So, try this.
1. Run request in Postman and grab the RAW request details and save them for later.
2. Run the same request in soapui/readyapi and grab the RAW request details and save them.
3. Publish the RAW details here (of both requests) people can then help with the comparison to help resolve the problem.
Cheers,
Rich
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @matijap ,
@richie 's suggestion might definitelly help.
Maybe detailed logging could help to doublecheck the SSL handshake. (Do you use the very same keystore in SoapUI and Postman? Is your server address equal in Postman and SoapUI?)
You can add to your bin/SoapUI-5.6.0.vmoptions the following lines:
-Djavax.net.debug=ssl:record:plaintext
-Djavax.net.debug=ssl:handshake:verbose
Then if you restart SoapUI and visit bin/error.log, you will see the communication details step by step.
Best regards,
Karel
https://apimate.eu
