SSL Certificates: Error Contacting Host SSL

Symptom:

You see the following SSL error when running an API Monitoring test:

Failed: Error contacting host SSL: certificate signed by unknown authority

Solution:

To help debug this issue, we recommend using SSLLabs SSL Server Test tool. Open the tool in a new tab, add your hostname, hit Submit, and check the results of the test for any warnings and errors.

The two most common causes you're seeing the error, and how to fix it, are:

Certificate From Unsupported CA

The certificate is signed by an authority not supported by API Monitoring. Check our Supported SSL CA Certificates for Radar Agent article for more information. If your certificate authority is not on that list, you can fix the issue by:

  • If you control the server, you can get a new certificate with one of the supported authorities in our list and update your server.
  • If you're using a 3rd-party API, you can reach out to your provider to see if they can change the certificate or offer an alternative solution.
  • If the test is for functionality of the API, and not security, you can disable SSL verification in your test by going to your API Monitoring environment -> Behaviors -> Validate SSL, or for all tests in your bucket by going to Bucket Settings -> Traffic Inspector -> Verify SSL Certificates.

Incomplete Certificate Chain

The server has an incomplete certificate chain. That means the server is not providing the necessary intermediate certificates. Browsers and some clients will automatically download them, but many API/HTTP clients won't. You can fix this issue by:

  • If you have control of the server, you'll need to bundle the missing certificates. You can find instructions on how to do that by searching: "(name of your certificate issuer) bundle intermediate certificates" (Example).
  • If you're using a 3rd-party API, you can reach out to your provider to see if they can change the certificate or offer an alternative solution.
  • If the test is for functionality of the API, and not security, you can disable SSL verification in your test by going to your API Monitoring environment -> Behaviors -> Validate SSL, or for all tests in your bucket by going to Bucket Settings -> Traffic Inspector -> Verify SSL Certificates.