Event Log error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Article ID: 167693
Updated On:
Products
ProxySG Software - SGOS
Issue/Introduction
The Event Log displays one of the error messages repeatedly:
error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
Cause
These errors indicate that the client/browser did not trust the certificate presented by the ProxySG appliance. The client/browser signals an alert when the appliance presents its certificate to the browser, which is not signed by a trusted CA.
When this happens, users see a warning regarding the certificate; when prompted, they decline proceeding to the website. This results in a termination of the SSL session. Then, the message is logged.
When this happens, users see a warning regarding the certificate; when prompted, they decline proceeding to the website. This results in a termination of the SSL session. Then, the message is logged.
Resolution
The most likely issue is that the appliance certificate was not imported to the browser's trusted CA list.
Add the appliance certificate to browser/client's trusted CA list to prevent alerts from being printed.
For a large, managed environment, Blue Coat suggests pushing the appliance certificate used for SSL proxy as a trusted CA to the browsers using group policy.
Workaround
Advise users to ignore the certificate warning from the browser and proceed to the site requested.Feedback
Yes
No
Powered by
