0

I am trying to implement the HTTPS on an internal web application which uses Play framework (version 2.5) as a Backend framework and Angular as Frontend and I have created a self signed certificate with Keytool following the Play framework documentation:

https://www.playframework.com/documentation/2.5.x/CertificateGeneration.

Then I save the '.crt' file in cacerts (java keystore) and provide the .jks when starting the application with these additional commands:

-Dplay.server.https.keyStore.path="path-to-jks-file"
and -Dplay.server.https.keyStore.password="the-password-here"

But after trying to make a request to the server I get an error:

javax.net.ssl.SSLException: Received fatal alert: certificate_unknown (image below)

Although the handshake happens after that and the HTTPS works correctly. Any ideas how to solve this issue

Link to error image

Kreshnik
  • 1
  • 2
  • "while running the application" - what happens when you restart the application? – J_D May 17 '19 at 15:01
  • @J_D this error happens whenever I make a request, restarting the application doesn't fix the error. – Kreshnik May 20 '19 at 07:34
  • Great! "while running the application" was ambiguous. – J_D May 20 '19 at 07:38
  • Check out this post:https://stackoverflow.com/questions/29485987/ssl-exception-javax-net-ssl-sslhandshakeexception-received-fatal-alert-certif – J_D May 20 '19 at 07:42
  • Yes you were right, I have just edited that part. Thanks! – Kreshnik May 20 '19 at 08:04
  • I just read the post you recommended and I couldn't find the relation to my problem.The error happens whether I provide a certificate for the client or not. Could it be that the browser tls mechanism that checks for the validity of the certificate is triggering this error. An additional info: In Firefox the error shown is 'bad_certificate' instead of 'unknown_certificate' - in Chrome browser. – Kreshnik May 20 '19 at 08:30

1 Answers1

0

I have fixed this issue now. The problem with Chrome Browser was on 'Subject Alternative Name' missing, which is required from Chrome 58+ and that caused the error during the tls handshake. After adding SAN property to the certificate the problem is gone. I posted this answer to help anyone who might have the same problem...

Kreshnik
  • 1
  • 2