Received fatal alert: certificate_unknown

0
Currently I am converting our v3 cloud to the v4 cloud. During testing I get certificate errors. How can I find out which certificate is giving the error:   13:41:23APPERRORcdd: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown 13:41:23APPINFOat org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:763) 13:41:23APPINFOat sun.security.ssl.Alerts.getSSLException(Alerts.java:198) 13:41:23APPINFOat sun.security.ssl.Alerts.getSSLException(Alerts.java:159) 13:41:23APPINFOat sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2041) 13:41:23APPINFOat sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1145) 13:41:23APPINFOat sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1388) 13:41:23APPINFOat sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1416) 13:41:23APPINFOat sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1400) 13:41:23APPINFOat sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) 13:41:23APPINFOat sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) 13:41:23APPINFOat sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1340) 13:41:23APPINFOat sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1315) 13:41:23APPINFOat sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:264) 13:41:23APPINFOat cddinterface.actions.createMeldingHTTPS.executeAction(createMeldingHTTPS.java:106) 13:41:23APPINFOat cddinterface.actions.createMeldingHTTPS.executeAction(createMeldingHTTPS.java:28)
asked
2 answers
0

You should take a look at your custom java action:

 

  • 13:41:23APPINFOat cddinterface.actions.createMeldingHTTPS.executeAction(createMeldingHTTPS.java:106)
  • 13:41:23APPINFOat cddinterface.actions.createMeldingHTTPS.executeAction(createMeldingHTTPS.java:28)

 

Based on that you can determine the endpoint. Run that through https://www.ssllabs.com/ssltest/ see if it points out issues like old TLS versions.

It’s possible java versions are different between Mendix Cloud v3 and v4. Hence above suggestion.

 

answered
0

In our case we had a mutual SSL connection. If I use the same certificate as in the V3 the V4 would give errors due to different URL's. Only after the migration the problem would be solved again because then the URL would be the same again as in the V3 cloud. We solved it by creating new certificates that had both URL's in the chain so the certificate would work on both environments (V3 and V4).

Regards,

Ronald

 

answered