Event Log error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

Article ID: 167693

Products

ProxySG Software - SGOS

Issue/Introduction

The Event Log repeatedly displays one of the following error messages:

error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
 

Cause

These errors indicate that the client/browser did not trust the certificate presented by the ProxySG appliance. The client/browser sends an alert when the certificate that the appliance presents to it is not signed by a trusted CA.

When this happens, users see a warning about the certificate and, when prompted, decline to proceed to the website. This terminates the SSL session, and the message is then logged.
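
To confirm which alert the client sent, the hex code in each message can be decoded. The following is an added example, not part of the original article or any ProxySG tooling: it assumes the pre-3.0 OpenSSL error layout (8-bit library, 12-bit function, 12-bit reason, with peer alerts reported as reason 1000 + alert number), and the sample log lines are constructed.

```python
import re
from collections import Counter

# Certificate-related TLS alert numbers (RFC 5246, section 7.2).
TLS_ALERTS = {
    42: "bad_certificate",
    43: "unsupported_certificate",
    44: "certificate_revoked",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
}
SSL_AD_REASON_OFFSET = 1000  # OpenSSL: reason >= 1000 means "alert received from peer"
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)")

def decode(line):
    """Split an OpenSSL error string into library, function, reason and TLS alert."""
    m = ERR_RE.search(line)
    if not m:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    alert = reason - SSL_AD_REASON_OFFSET if reason >= SSL_AD_REASON_OFFSET else None
    return {"lib": lib, "func": func, "reason": reason, "alert": alert,
            "alert_name": TLS_ALERTS.get(alert), "text": m.group(4).strip()}

def summarize(lines):
    """Count peer alerts by name so the dominant client-side trust failure stands out."""
    counts = Counter()
    for line in lines:
        d = decode(line)
        if d and d["alert"] is not None:
            counts[d["alert_name"] or "alert_%d" % d["alert"]] += 1
    return counts

# Constructed sample lines; the timestamp prefix is illustrative, not the appliance's format.
SAMPLE_LOG = [
    "2000-01-01 00:00:01 error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca",
    "2000-01-01 00:00:02 error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown",
    "2000-01-01 00:00:03 error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca",
    "2000-01-01 00:00:04 unrelated event",
]

if __name__ == "__main__":
    for name, n in summarize(SAMPLE_LOG).most_common():
        print(name, n)
```

Both codes decode to alerts received from the client: 0x418 is alert 48 (unknown_ca) and 0x416 is alert 46 (certificate_unknown).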
 

Resolution

The most likely issue is that the appliance certificate was not imported into the browser's trusted CA list.
Add the appliance certificate to the browser/client's trusted CA list to prevent the alerts from being logged.

For a large, managed environment, Blue Coat suggests pushing the appliance certificate used for SSL proxy as a trusted CA to the browsers using group policy.
 

Workaround

Advise users to ignore the certificate warning from the browser and proceed to the site requested.