SSL HandShake exception

Question

I use SSL connection to connect web client to server. It works without any problem for a long time. But from yesterday it gives following error can anyone tell me the reason

Answer 1

When I received this error, the problem was that the server certificate was using signature algorithm SHA1withRSA and Android 8.0 client. Switching to server certificate based on SHA256withRSA fixed the issue.

Answer 2

I have spent more than 12 hours on this issue. After creating a self-signed certificate it is required to export that certificate to the cacert file. In my case it was located in /usr/lib/java/jre/lib/security/cacert. You can export the certificate by using the keytool (you probably have to have root access):

$ sudo keytool -exportcert -alias keyStoreAlias -keystore \
       keyStoreKeys.keys -file /usr/local/java/jre/lib/security/cacerts

Answer 3

I would first check to see if the cert in question has expired. Have run into this many times when working with vendors. They can update their certs without letting us know.

Answer 4

This 'certificate_unknown' is a very misleading error message. This is the same error message thrown when a certificate has expired even if it is in the truststore. I suggest checking the expiration date of the certificate before you waste your time on anything else.

Answer 5

The certificate presented by the server is not trusted. This may be due to the certificate being expired, or the trust manager not being able to establish a chain of trust to any of the certificates in your trust store.

Answer 6

Check the the cert is valid, you can do this with your browser.