KB Article #182813

SSL handshake fails on an Alert 48, unknown CA

Problem

The problem applies to products that communicate with CFT using the SSL protocol.

When the Owner's DN is different from the Signer's DN for the ROOT certificate, an abnormal record in the CFTPKI base can explain the issue. The following line appears in the cftlog file:

CFTY13E ... SSL Handshake local error [HANDSHAKE_FAILURE] CR=48 (Unknown CA: certificate verify failed)

cf : https://docs.axway.com/bundle/TransferCFT_310_allO...

Resolution

The Owner's DN should be equal to the Signer's DN.

Below is an example which shows that the Owner's DN is different from the Signer's DN:

Certid.          ID      = CFEGLUT_ROOT
Certtype         TYPE    = ROOT
Rootid.          ROOT    = CFEGLUT_ROOT
Internal num.    INUM    =
Signer id.       SID     = CFEGLUT_ROOT
State            STATE   = ACT
Serial number    SNUMB   = 3972443af922b751d7d36c10dd313595
Delivered to     Us.CN   = USERTrust RSA Certification Authority
Delivered by     Si.CN   = AAA Certificate Services
Certificat validity
-------------------
Expired Before : 12/03/2019 00:00:00
Expired After  : 31/12/2028 23:59:59
Comment          COMMENT = CERTIFICAT ROOT CFEGLUT


This mismatch creates confusion when the Owner DN is received.
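
An added example, not part of the original article or of Transfer CFT: a Python check that scans a PKI record listing laid out like the one above and reports TYPE = ROOT entries whose "Delivered to" (Us.CN) value differs from "Delivered by" (Si.CN). It assumes each field sits on one line as KEY = value and compares only the CN shown in the listing; the second and third sample records are constructed.

```python
import re

# Field keys as they appear in the listing on this page. The lookbehind keeps
# "SID =" from being read as "ID =".
_FIELD = re.compile(r"(?<![A-Z])(ID|TYPE|Us\.CN|Si\.CN)\s*=\s*(.*)$")

# First record: values from the article. Records 2 and 3 are constructed.
SAMPLE = """\
Certid.          ID      = CFEGLUT_ROOT
Certtype         TYPE    = ROOT
Signer id.       SID     = CFEGLUT_ROOT
Delivered to     Us.CN   = USERTrust RSA Certification Authority
Delivered by     Si.CN   = AAA Certificate Services
Certid.          ID      = EXAMPLE_ROOT
Certtype         TYPE    = ROOT
Delivered to     Us.CN   = Example Root CA
Delivered by     Si.CN   = example  root ca
Certid.          ID      = EXAMPLE_USER
Certtype         TYPE    = USER
Delivered to     Us.CN   = partner.example
Delivered by     Si.CN   = Example Root CA
"""

def parse_records(listing):
    """Split a listing into one dict per certificate; an ID line starts a record."""
    records, current = [], None
    for line in listing.splitlines():
        m = _FIELD.search(line)
        if not m:
            continue  # validity dates, comments, separators, other keys
        key, value = m.group(1), m.group(2).strip()
        if key == "ID":
            current = {"ID": value}
            records.append(current)
        elif current is not None:
            current[key] = value
    return records

def _norm(name):
    # Compare names without regard to case or repeated whitespace.
    return " ".join(name.split()).casefold()

def mismatched_roots(listing):
    """Return (id, owner_cn, signer_cn) for ROOT records that are not self-issued."""
    return [(r["ID"], r.get("Us.CN", ""), r.get("Si.CN", ""))
            for r in parse_records(listing)
            if r.get("TYPE") == "ROOT"
            and _norm(r.get("Us.CN", "")) != _norm(r.get("Si.CN", ""))]

if __name__ == "__main__":
    for cert_id, owner, signer in mismatched_roots(SAMPLE):
        print(f"{cert_id}: owner '{owner}' != signer '{signer}'")
```

Only CFEGLUT_ROOT is reported; the USER record is skipped because an end-entity certificate is expected to have a different signer.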