Hi,
we are currently trying to send a third party notification to our server over HTTPS. During the SSL handshake we get the following message:
TLSv1 Alert, Level: Fatal, Description: Certificate Unknown.
We checked our servers configuration, and all 3 certificates issued by our SSL provider (StartSSL) are sent with the HTTPS request: server certificate, intermediate certificate and root ca certificate.Checks with third party pages like SSL Checker - SSL Certificate Verify or SSL Certificate Tester - Check Certificates say that the certificate is valid and that the chain is intact, so in theory there shouldn't be a problem.
Maybe the root ca certificate is not accepted by your servers? If that is the case, is there a way to get it included on your side? The needed certificates are freely available from http://startssl.com/certs. If there are any security concerns about it, the StartSSL root certificate is included in all major browsers today, as well as in all current versions of Android, iOS and Microsoft Windows (deployed with Windows Update in September 2009). The company is issuing certificates since 2005.
Sending the notification over HTTP works, but this is not feasible for security reasons.
A wireshark capture of the SSL handshake is attached.
Kind regards.