Event Log error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca


Article ID: 167693


Updated On:


ProxySG Software - SGOS


The Event Log displays one of the error messages repeatedly:

error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown


These errors indicate that the client/browser did not trust the certificate presented by the ProxySG appliance. The client/browser signals an alert when the appliance presents its certificate to the browser, which is not signed by a trusted CA.

When this happens, users see a warning regarding the certificate; when prompted, they decline proceeding to the website. This results in a termination of the SSL session. Then, the message is logged.


The most likely issue is that the appliance certificate was not imported to the browser's trusted CA list.
Add the appliance certificate to browser/client's trusted CA list to prevent alerts from being printed.

For a large, managed environment, Blue Coat suggests pushing the appliance certificate used for SSL proxy as a trusted CA to the browsers using group policy.


Advise users to ignore the certificate warning from the browser and proceed to the site requested.