https://community.cisco.com/t5/endpoint-security/webhook-https-error-quot-certificate-unknown-quot/m-p/5446929#M13213 <P>Have you checked which certificate you are presenting? It's definitely the public certificate you have bought?</P><P>Can you point your web browser at your server and get it to connect with no TLS errors?</P><P>Is your server presenting a correct chain of certificates?</P> Tue, 08 Sep 2020 20:50:28 GMT Philip D'Ath 2020-09-08T20:50:28Z https://community.cisco.com/t5/endpoint-security/webhook-https-error-quot-certificate-unknown-quot/m-p/5446928#M13212 <P>We are integrating meraki with another application which acts as web server. SSL certificate configured in application webserver. Certificated has been signed and issued by authorized CA </P><P>1. Webhook configured towards application webserver in Meraki </P><P>2. When we click "send test webhooks" from Meraki GUI it shows "failed" whereas in application server side below error reported,</P><P>Traceback (most recent call last):<BR />File "/usr/lib64/python2.7/SocketServer.py", line 295, in _handle_request_noblock<BR />self.process_request(request, client_address)<BR />File "/usr/lib64/python2.7/SocketServer.py", line 321, in process_request<BR />self.finish_request(request, client_address)<BR />File "/usr/lib64/python2.7/SocketServer.py", line 334, in finish_request<BR />self.RequestHandlerClass(request, client_address, self)<BR />File "/usr/lib64/python2.7/SocketServer.py", line 649, in __init__<BR />self.handle()<BR />File "/usr/lib64/python2.7/BaseHTTPServer.py", line 340, in handle<BR />self.handle_one_request()<BR />File "/usr/lib64/python2.7/BaseHTTPServer.py", line 310, in handle_one_request<BR />self.raw_requestline = self.rfile.readline(65537)<BR />File "/usr/lib64/python2.7/socket.py", line 476, in readline<BR />data = self._sock.recv(self._rbufsize)<BR />Error: [('SSL routines', 'ssl3_read_bytes', 'sslv3 alert certificate unknown'), ('SSL routines', 'ssl23_read', 'ssl handshake failure')]</P><P>3. TCPDUMP shows Meraki responds backs "Certificate Unknown (46)" for "Server Hello, Certificate, Server Hello Done".</P><P>Questions,</P><P>1. How Meraki differentiates Known and unknown certificates?</P><P>2. Do we need add webserver certificates in Meraki?</P> Tue, 08 Sep 2020 19:02:02 GMT https://community.cisco.com/t5/endpoint-security/webhook-https-error-quot-certificate-unknown-quot/m-p/5446928#M13212 nabalaji 2020-09-08T19:02:02Z https://community.cisco.com/t5/endpoint-security/webhook-https-error-quot-certificate-unknown-quot/m-p/5446929#M13213 <P>Have you checked which certificate you are presenting? It's definitely the public certificate you have bought?</P><P>Can you point your web browser at your server and get it to connect with no TLS errors?</P><P>Is your server presenting a correct chain of certificates?</P> Tue, 08 Sep 2020 20:50:28 GMT https://community.cisco.com/t5/endpoint-security/webhook-https-error-quot-certificate-unknown-quot/m-p/5446929#M13213 Philip D'Ath 2020-09-08T20:50:28Z https://community.cisco.com/t5/endpoint-security/webhook-https-error-quot-certificate-unknown-quot/m-p/5446930#M13214 <P><SPAN> <A href="https://community.meraki.com/t5/user/viewprofilepage/user-id/340">@Philip D'Ath</A> </SPAN>Thanks for response.</P><P>Sorry for the late update on this thread.<BR /><BR />The issue turned out to be one of the intermediate certificates was not issued by Global CA. So we created the entire chain of certificates again with proper Global CA and it resolved the issue.</P><P>Suggestions:</P><P>1. Ensure certificates are issued by Global CA.</P><P>2. If there are multiple chain of certificates then present all chain of certificates until root (server certificates + Intermediate certificates + root certificates) while connecting to Meraki.</P> Wed, 23 Sep 2020 14:34:19 GMT https://community.cisco.com/t5/endpoint-security/webhook-https-error-quot-certificate-unknown-quot/m-p/5446930#M13214 nabalaji 2020-09-23T14:34:19Z