Thread: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown

  1. #1
    I've just noticed repeated entries in one of my logs:

    Code:
    $ grep certificate_unknown /opt/zimbra/log/mailbox.log
    2010-04-28 14:46:03,665 WARN  [btpool0-8] [] log - javax.net.ssl.SSLException: Received fatal alert: certificate_unknown

    After a brief jaunt around Google it seems that all related topics were from developers to developers. I am NOT a programmer and I really didn't get much out of those searches.

    These messages are being generated in the log about 1 every minute. The server is sending and receiving fine. I'm not sure what the cause could be.

    I've scripted the process for a yearly auto-renewal of the self-signed cert. So, certificate generation is consistent. It seems to be working in the test lab. I'm not sure what's different in production.

    These are the cert details:
    Code:
    # zmcertmgr viewdeployedcrt
    ::service mta::
    notBefore=Apr 21 02:47:06 2010 GMT
    notAfter=May 21 02:47:06 2011 GMT
    subject= /C=US/ST=IA/O=familiesfirstinc/OU=OFFICE/CN=*.domain.tld
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.domain.tld
    SubjectAltName= 
    ::service proxy::
    notBefore=Apr 21 02:47:06 2010 GMT
    notAfter=May 21 02:47:06 2011 GMT
    subject= /C=US/ST=IA/O=familiesfirstinc/OU=OFFICE/CN=*.domain.tld
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.domain.tld
    SubjectAltName= 
    ::service mailboxd::
    notBefore=Apr 21 02:47:06 2010 GMT
    notAfter=May 21 02:47:06 2011 GMT
    subject= /C=US/ST=IA/O=familiesfirstinc/OU=OFFICE/CN=*.domain.tld
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.domain.tld
    SubjectAltName= 
    ::service ldap::
    notBefore=Apr 21 02:47:06 2010 GMT
    notAfter=May 21 02:47:06 2011 GMT
    subject= /C=US/ST=IA/O=familiesfirstinc/OU=OFFICE/CN=*.domain.tld
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.domain.tld
    SubjectAltName=

    Code:
    $ hostname
    zerver.domain.tld
    
    $ nslookup zerver.domain.tld
    Name:	zerver.domain.tld
    Address: 10.0.0.14
    
    $ nslookup mail.domain.tld
    Name:	mail.domain.tld
    Address: 10.0.0.14
    
    $ nslookup 10.0.0.14
    14.0.0.10.in-addr.arpa	name = mail.domain.tld.

    Again, this is the same process I use when testing and these messages do not appear in the logs on the test boxes. What's gone wrong here?

    Thanks in advance,
    todd_dsm

    Don't forget to Vote for this RFE:
    RFE: A place To Display the contents of 'My Documents'
    Reasoning: It's new, bold, and cool.
    Last edited by todd_dsm; 10-08-2010 at 10:26 AM.

  2. #2
    Have you seen this?

    http://www.zimbra.com/forums/zimbra-...e-edition.html

    It might suggest that the error is coming from a client app trying to connect and constantly erroring on the SSL. As far as you can tell, is everything working correctly even though you see this error?

  3. #3
    bdial, Yes - everything is smooth as you could expect.

    I know there are users at the client site that have BlackBerrys, Androids, and iPhones that may be trying to connect. I will look into the link you left above and get root-cause back when I find something.

    Thanks for the reply,

    TT

  4. #4
    @bdial

    The link you posted doesn't seem to be relevant to this scenario. Here's why:

    1) I checked the logs. The error occurred before delivering to the client's site. It was there from the beginning of the first day. At this point I was the only one accessing the box.

    2) I found a post that links btpool errors to Apache.
    I guess I don't get the 'solved' part. To me it just seems to trail off...

    3) Certificate says 'Unknown'
    • Connect to server via https://mail.domain.tld
    • Click on the cert to the left of the web address. It says:
      You are connected to domain.tld
      Which is run by (unknown)


    After a little more testing I've determined that 2 things cause this:
    1) It definitely happens when in Firefox and confirming a certificate exception.
    2) Something else :P There must be other reasons for generating this error. I have ga-jillions of them in my logs and only 57 users creating a 1-time cert exception.

    I'll just be explicit here. I'm not so well versed with Apache's relationship with certs. It seems a matter of filling in that 'unknown' entry in the cert but that's just a thin, thin theory.

    I used the self-signed cert info from the wiki.

    Any theories/ideas?

    Thanks in advance,
    todd_dsm

    Last edited by todd_dsm; 10-08-2010 at 10:26 AM.
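
"Received fatal alert" means the connecting client sent the alert after rejecting the server's certificate, so it helps to look at the deployed certificates the way a client does. The following is an added example, not part of the thread and not Zimbra code: it parses the `zmcertmgr viewdeployedcrt` output quoted in the first post and lists reasons a client could refuse each certificate. The `client_trusted_orgs` parameter is hypothetical, and the comma-separated SubjectAltName format is an assumption.

```python
import re
from datetime import datetime, timezone
# Certificate fields copied from the first post; all four services show the same values.
BLOCK = """notBefore=Apr 21 02:47:06 2010 GMT
notAfter=May 21 02:47:06 2011 GMT
subject= /C=US/ST=IA/O=familiesfirstinc/OU=OFFICE/CN=*.domain.tld
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.domain.tld
SubjectAltName=
"""
SAMPLE = "".join(f"::service {s}::\n{BLOCK}" for s in ("mta", "proxy", "mailboxd", "ldap"))

def parse_deployed(text):
    certs, cur = {}, None  # service name -> {field: value}
    for line in text.splitlines():
        m = re.match(r"::service (\S+)::", line.strip())
        if m:
            cur = certs.setdefault(m.group(1), {})
        elif cur is not None and "=" in line:
            key, val = line.split("=", 1)
            cur[key.strip()] = val.strip()
    return certs

def parse_dn(dn):
    # Split only on a "/" that begins a KEY= pair: the issuer contains ST=N/A.
    return dict(p.split("=", 1) for p in re.split(r"/(?=[A-Za-z]+=)", dn.strip()) if p)

def name_matches(pattern, host):  # "*" covers exactly one left-most label
    p, h = pattern.lower().split("."), host.lower().rstrip(".").split(".")
    return len(p) == len(h) and p[1:] == h[1:] and p[0] in ("*", h[0])

def audit(cert, host, now, client_trusted_orgs=()):
    """Return reasons a client connecting to `host` could reject this cert."""
    fmt, out = "%b %d %H:%M:%S %Y GMT", []
    start, end = (datetime.strptime(cert[k], fmt).replace(tzinfo=timezone.utc)
                  for k in ("notBefore", "notAfter"))
    if not start <= now <= end:
        out.append("outside validity window")
    subject, issuer = parse_dn(cert["subject"]), parse_dn(cert["issuer"])
    # Assumption: SAN entries, when present, are comma-separated host names.
    sans = [s.strip() for s in cert.get("SubjectAltName", "").split(",") if s.strip()]
    if not sans:
        out.append("no SubjectAltName")
    if not any(name_matches(n, host) for n in sans + [subject.get("CN", "")]):
        out.append("host name not covered")
    if issuer.get("O") not in client_trusted_orgs:
        out.append("issuer not trusted by clients: " + issuer.get("O", "?"))
    return out

for svc, cert in parse_deployed(SAMPLE).items():
    print(svc, audit(cert, "mail.domain.tld", datetime(2010, 4, 28, tzinfo=timezone.utc)))
```

For the certificates in the post this reports a missing SubjectAltName and an issuer (the server's own Zimbra CA) that clients only accept once that CA has been installed on them.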
