KB Article #182813
SSL handshake fails on an Alert 48, unknown CA
Problem
This problem can be observed with products that communicate with CFT and that use the SSL protocol.
When the Owner's DN is different from the Signer's DN for the ROOT certificate, an abnormal record in the CFTPKI base can explain the issue. The following line appears in the cftlog file:
CFTY13E ... SSL Handshake local error [HANDSHAKE_FAILURE] CR=48 (Unknown CA: certificate verify failed)
See: https://docs.axway.com/bundle/TransferCFT_310_allO...
Resolution
For the ROOT certificate, the Owner's DN should be equal to the Signer's DN.
Below is an example which shows that the Owner's DN is different from the Signer's DN:
Certid.        ID      = CFEGLUT_ROOT
Certtype       TYPE    = ROOT
Rootid.        ROOT    = CFEGLUT_ROOT
Internal num.  INUM    =
Signer id.     SID     = CFEGLUT_ROOT
State          STATE   = ACT
Serial number  SNUMB   = 3972443af922b751d7d36c10dd313595
Delivered to   Us.CN   = *USERTrust RSA Certification Authority*
Delivered by   Si.CN   = *AAA Certificate Services
Certificat validity
-------------------
Expired Before : 12/03/2019 00:00:00
Expired After  : 31/12/2028 23:59:59
Comment        COMMENT = *CERTIFICAT ROOT CFEGLUT
This creates confusion when the Owner DN is received.
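To check a whole CFTPKI listing for this condition, the following added example (not Axway code) flags every ROOT entry whose owner CN differs from its signer CN. It assumes the keyword = value layout of the listing above, saved as text, and compares only the CN fields that the listing shows; the function names and the first sample record are constructed for illustration.

```python
import re

# Keywords as they appear before "=" in the listing on this page.
FIELD = re.compile(r"(Us\.CN|Si\.CN|TYPE|ROOT|SID|ID)\s*=\s*(.*)$")

def parse_listing(text):
    """Split a certificate listing into one dict per record (a record starts at ID=)."""
    records, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = FIELD.search(line)
        if m and (m.group(1) == "ID" or records):
            key, value = m.group(1), m.group(2).strip(" *")
            if key == "ID":
                records.append({})
            records[-1][key] = value
            # An empty value means the value was wrapped onto the next line.
            pending = key if not value else None
        elif pending and line and "=" not in line:
            records[-1][pending] = line.strip(" *")
            pending = None
        elif line:
            pending = None
    return records

def mismatched_roots(records):
    """IDs of ROOT entries whose owner CN (Us.CN) differs from the signer CN (Si.CN)."""
    return [r["ID"] for r in records
            if r.get("TYPE") == "ROOT"
            and r.get("Us.CN", "").casefold() != r.get("Si.CN", "").casefold()]

# Constructed sample: a self-signed root, then the record from this article.
SAMPLE = """\
Certid.        ID    = EXAMPLE_ROOT_OK
Certtype       TYPE  = ROOT
Signer id.     SID   = EXAMPLE_ROOT_OK
Delivered to   Us.CN = Example Root CA
Delivered by   Si.CN = Example Root CA

Certid.ID= CFEGLUT_ROOT
CerttypeTYPE= ROOT
Signer id.SID= CFEGLUT_ROOT
Delivered toUs.CN=
USERTrust RSA Certification Authority
Delivered bySi.CN= AAA Certificate Services
"""

if __name__ == "__main__":
    for cert_id in mismatched_roots(parse_listing(SAMPLE)):
        print(f"ROOT entry {cert_id}: owner CN differs from signer CN")
```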