My cloud monitors are returning an SSL certificate error:
(9260) SSL certificate problem: unable to get local issuer certificate (Peer certificate cannot be authenticated with given CA certificates)
But it works fine in the browser.
The Intermediate Certificate is missing. The website works in a browser because the browser is checking only the certificate, not the chain. ASM checks the entire certificate chain, end to end, and if any part of that chain is missing or expired, ASM will alert you.
Release: ASM 10.x
While reviewing the certificate chain for the URL being monitored, we found that the Intermediate Certificate was missing.
This caused the following error to show up: (9260) SSL certificate problem: unable to get local issuer certificate (Peer certificate cannot be authenticated with given CA certificates)
To resolve this, update the site to provide the Intermediate Certificate.
There are different ways to install an Intermediate Certificate, and it all depends on your Certificate Authority. A few examples: for Microsoft IIS and Exchange, see https://www.kinamo.be/en/support/faq/microsoft-iis-install-intermediate-ssl-certificate. For pfx, see https://rootsecurity.nl/2013/07/21/create-a-pfx-file-containing-the-intermediate-ca-certificate-using-openssl-on-windows/
For a more detailed explanation of what an Intermediate Certificate is, see https://knowledge.digicert.com/generalinformation/INFO4033.html
Note: You can also use an online SSL Checker to verify your certificate chain.
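The chain can also be checked locally with OpenSSL. The script below is an added example, not part of the original article or of ASM: it builds a throwaway root, intermediate and leaf certificate (all names and file names are constructed for the demo) and verifies the leaf with and without the intermediate, reproducing the "unable to get local issuer certificate" message and showing that supplying the intermediate clears it.

```shell
#!/bin/sh
# Added example. All subjects and file names are constructed for the demo.

# Build a throwaway root -> intermediate -> leaf chain in directory $1.
make_chain() (
    cd "$1" || exit 1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
    for n in root int leaf; do
        openssl req -new -newkey rsa:2048 -nodes -keyout "$n.key" \
            -subj "/CN=demo-$n.example.test" -out "$n.csr" 2>/dev/null || exit 1
    done
    # Self-signed root, intermediate signed by root, leaf signed by intermediate.
    openssl x509 -req -in root.csr -signkey root.key -days 2 \
        -extfile ca.ext -out root.pem 2>/dev/null || exit 1
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
        -days 2 -extfile ca.ext -out int.pem 2>/dev/null || exit 1
    openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
        -days 2 -out leaf.pem 2>/dev/null || exit 1
)

# Verify leaf $2 against trusted root $1. Optional $3 is the intermediate bundle
# the server would send in the handshake (untrusted until it chains to the root).
check_chain() {
    if [ -n "${3:-}" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>&1
    else
        openssl verify -CAfile "$1" "$2" 2>&1
    fi
}

demo_dir=$(mktemp -d)
make_chain "$demo_dir"
echo "--- server sends leaf only (intermediate missing) ---"
check_chain "$demo_dir/root.pem" "$demo_dir/leaf.pem" || true
echo "--- server sends leaf + intermediate ---"
check_chain "$demo_dir/root.pem" "$demo_dir/leaf.pem" "$demo_dir/int.pem"
rm -rf "$demo_dir"
```

Against a live site, `openssl s_client -connect HOST:443 -showcerts` (HOST is a placeholder for the monitored hostname) prints the certificates the server actually sends, which shows whether the intermediate is included.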
You can also disable "Verify certificate" in the Advanced settings of the Monitor. Note: If disabled, ASM will not be able to warn you if there is an issue with your certificate chain or when the certificate is going to expire.