[openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

Viktor Dukhovni openssl-users at dukhovni.org
Tue Apr 25 20:55:14 UTC 2017

> On Apr 25, 2017, at 4:41 PM, Blumenthal, Uri - 0553 - MITLL <uri at ll.mit.edu> wrote:
>    Client objects to the server chain.  Either does not trust the MiTM root CA, or
>    is unhappy about its encoding (assuming tshark is not generating an FP warning).
> Thank you!  So it is the *client* that breaks the connection, and it is unhappy either about MiTM, or the encoding. I will check for both (though not much I can do about either).

Well, if there is not facility to configure the client's trusted root CAs,
then of course it won't trust the MiTM root cert.  Presumably you've added
that cert to some trust store on the system in question.

The support staff for the product should be able to tell you how to configure
trusted TLS CAs, if these are configurable.

If the product is not using OpenSSL, this question really is off topic for
this list.  If it is using OpenSSL, there may be some place where it looks
for its CAfile or some CApath directory.


More information about the openssl-users mailing list