Why Does Calling API From External System Fail with SSL Routines:ssl3_read_bytes:sslv3 Alert Certificate Unknown?
(Doc ID 2414092.1)
Last updated on AUGUST 03, 2018
Applies to: Oracle API Platform Cloud Service - Version 15.3.3 and later
Information in this document applies to any platform.
There is a development API Gateway in the on-premise DMZ to service remote REST calls.
It has been enabled for "2-way SSL", but the behavior is still set to "Client Certs Requested But Not Enforced".
The F5 is set to pass SSL through, so SSL terminates at the gateway node.
When calling a test API from a remote system using cURL, the SSL handshake fails unless the DigiCert Root and Intermediate cert are provided using the --cacert parameter.
This same root and intermediate are in the keystore file on the gateway.
The same URL can successfully be called from a browser and the connection is secure.
There is a requirement to be able to call this API without the --cacert parameter.
However, when that is tried, the below error is seen:
Why is this error being seen?