The following are common errors encountered during SSL handshake:
javax.net.ssl.SSLHandshakeException: Untrusted Cert Chain
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA12275)
at oracle.apps.ecx.oxta.getSSLConnection(SSLConnection.java:132)
Caused by: java.security.cert.CertificateException: Untrusted Cert Chain
at oracle.security.pki.ssl.C15.checkClientTrusted(C15)
at oracle.security.pki.ssl.C15.checkServerTrusted(C15)
at oracle.security.pki.ssl.C02.checkServerTrusted(C02)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA12275)
Description: This means that the client failed to authenticate the server.
Resolution: To rectify this error, add the top level CA certificate of the destination server as a trusted certificate in the wallet. This is assuming that the server presents its entire certificate chain during SSL handshake. If it is configured to present only the leaf level certificate, then all the CA certificates in the chain have to be added to the wallet as trusted certificates.
Received fatal alert: unknown_ca
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.b(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA12275)
at oracle.apps.ecx.oxta.getSSLConnection(SSLConnection.java:132)
Description: This means client authentication failed.
Resolution: To rectify this error, the user certificate in the wallet along with issuer CA certificates if there are any has to be sent over to the server and used in the configuration for client authentication.