Received fatal alert: certificate_unknown

Question

I try to add (and consume) an REST api on HTTPS through API Manager.

So, with a little schema :

Client (SoapUi) --HTTPS--> APIM --HTTPS--> REST API
Result: Failed

Client (SoapUi) --HTTP--> APIM --HTTPS--> REST API
Result: Failed

Here the stack :

2019-05-17 10:31:02,090 [-] [HTTPS-Listener I/O dispatcher-1] ERROR SourceHandler I/O error: Received fatal alert: certificate_unknown
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634)
    at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1800)
    at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1083)
    at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907)
    at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.doUnwrap(SSLIOSession.java:245)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:280)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:410)
    at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:119)
    at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:159)
    at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:338)
    at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:316)
    at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:277)
    at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:105)
    at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:586)
    at java.lang.Thread.run(Thread.java:745)

I think the problem is between API Manager and the REST API

The REST API Certificate is composed like this :

CA Root Sectigo  
    |  
    --> Gandi
         |
          --> wildcard's Company

I try to add (via publisher's site) the Wildcard's company => no change
I try to add CA root to jvm keystore => no change

Actually, API Manager had the default Self Signed certificate. Maybe it's a part of the problem.

Any ideas? Regards, Mike

What did you mean by `via publisher's site`? – Bee May 17 '19 at 10:29 — Bee, May 17 '19 at 10:29

Received fatal alert: certificate_unknown

0 Answers0