search cancel

intermittent issue with cert trust CertificateException found but not trusted for SS


Article ID: 256044


Updated On:


CA API Gateway


We are facing intermittent failure in cert handshake with the error msg  : 

CertificateException: Server cert 'cn=*' found but not trusted for SSL.
Caused by: Server cert 'cn=*' found but not trusted for SSL.


We did verify everything looks good in terms of configuration and in fact 90% of the calls are going successful, still we are getting 10% failures across all the servers on two different clusters while connecting to same backend.



Release : 10.0


The Trust is based on more then name, it is based on the SHA thumbprint of the certificate returned. Depending on what host in the pool of back-ends it was hitting the CN was the same but the thumbprint was different.