
intermittent issue with cert trust CertificateException found but not trusted for SS


Article ID: 256044


Updated On:

Products

CA API Gateway

Issue/Introduction

We are facing intermittent failures in the certificate handshake with the error message:

CertificateException: Server cert 'cn=*.someserver.net' found but not trusted for SSL.
Caused by: Server cert 'cn=*.someserver.net' found but not trusted for SSL.

 

We did verify that everything looks good in terms of configuration, and in fact 90% of the calls are successful. Still, we are getting 10% failures across all the servers on two different clusters while connecting to the same backend.

 

Environment

Release : 10.0

Resolution

Trust is based on more than the name; it is based on the SHA thumbprint of the certificate returned. Depending on which host in the pool of back-ends was hit, the CN was the same but the thumbprint was different.
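One way to confirm this diagnosis, as an added example that is not part of the original article or of the product: fetch the leaf certificate from each pool member by IP, compute its thumbprint, and list the members whose thumbprint is not among the trusted ones. The function names, the sample IPs and the SHA-256 default are assumptions (the article says only "SHA"), and the sample certificate bytes are constructed placeholders.

```python
import hashlib
import socket
import ssl


def thumbprint(der: bytes, algo: str = "sha256") -> str:
    """Hex digest of a DER-encoded certificate. The algorithm is a parameter
    because the article does not say which SHA variant is compared."""
    return hashlib.new(algo, der).hexdigest()


def fetch_leaf_der(ip: str, server_name: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Read the leaf certificate one pool member presents, addressed by IP.

    Chain verification is off on purpose: this only records what the member
    sends so it can be compared; it makes no trust decision itself.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=server_name) as tls:
            return tls.getpeercert(binary_form=True)


def audit_pool(certs_by_member: dict, trusted: set, algo: str = "sha256") -> dict:
    """Group pool members by thumbprint and list those outside the trusted set."""
    by_print = {}
    for member, der in certs_by_member.items():
        by_print.setdefault(thumbprint(der, algo), []).append(member)
    untrusted = sorted(m for tp, ms in by_print.items() if tp not in trusted for m in ms)
    return {"by_thumbprint": by_print, "untrusted_members": untrusted}


# Constructed placeholder bytes standing in for DER certificates: two members
# share one certificate, the third presents a different one with the same CN.
SAMPLE_POOL = {
    "10.0.0.11": b"constructed-cert-A",
    "10.0.0.12": b"constructed-cert-A",
    "10.0.0.13": b"constructed-cert-B",
}
SAMPLE_TRUSTED = {thumbprint(b"constructed-cert-A")}

if __name__ == "__main__":
    report = audit_pool(SAMPLE_POOL, SAMPLE_TRUSTED)
    for tp, members in report["by_thumbprint"].items():
        print(tp, members)
    print("not trusted:", report["untrusted_members"])
```

Against a live pool, build the input with `fetch_leaf_der(ip, "backend.example")` for each member IP, where the hostname is a placeholder for the name the gateway connects to.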