Problem

An error like the following is seen with connecting to an SSL endpoint:

error:140CF086:SSL routines:ssl_verify_cert_chain:certificate verify failed, source location: crypto.cpp:262 
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed, source location: s3_clnt.c:1269 
java.lang.RuntimeException: SSL protocol error 
error:140CF086:SSL routines:ssl_verify_cert_chain:certificate verify failed, source location: crypto.cpp:262 
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed, source location: s3_clnt.c:1269 

Resolution

This can happen if there are multiple CA Certificates with the same CN but different serials are found in the truststore. This should be corrected. The same problem may also arise when SNI (Server Name Indication) is not sent, because the endpoint can return a certificate for a hostname other than the one used by the gateway. In that case, SNI should be enabled in the remote host, along with the option to check that the server name matches the certificate's CN, which is required for the SNI option to take effect.