Failing to access IDR Web resources with certificate chain not verified symptoms
Article Number
Issue
Caused by: javax.net.ssl.SSLException: Certificate not verified. at com.rsa.sslj.x.aI.b(Unknown Source) at com.rsa.sslj.x.aI.a(Unknown Source) at com.rsa.sslj.x.aI.a(Unknown Source) at com.rsa.sslj.x.aK.unwrap(Unknown Source) at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:282) at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1372) at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1267) ... 33 more Caused by: com.rsa.sslj.x.aL: Certificate not verified. at com.rsa.sslj.x.bm.a(Unknown Source) at com.rsa.sslj.x.bm.a(Unknown Source) at com.rsa.sslj.x.bm.a(Unknown Source) ... 39 more Caused by: java.security.cert.CertificateException: the certificate chain is not trusted, Could not validate path. at com.rsa.sslj.x.cq.a(Unknown Source) at com.rsa.sslj.x.cq.checkServerTrusted(Unknown Source) at com.rsa.sslj.x.cq.checkServerTrusted(Unknown Source) at com.rsa.sslj.x.aF.a(Unknown Source)
Cause
IDR v2.17 uses mod_ssl which relies on Admin to upload the certificate chain in ordered manner in Admin console -> Company Settings page.
If the uploaded chain is not ordered properly from leaf issuer to desired issue or upto root certificate authority, the clients having strict validation will fail to establish SSL connection, leading to inaccessible web resource.
Resolution
1. To find if the order is wrong, please access IDR Portal or setup page or use openssl s_client connect tool. Verify the certificate chain returned is ordered properly.
2. If not so, reorder the chain in any text editor. Starts with the issuing CA certificate of the server certificate and keep appending its issuer till desired intermediate issuer or you reach upto the root CA certificate.
3. Upload it in Admin console and Publish.
4. After publishing re-verify the cert chain by following step#1.
Workaround
Related Articles
Cloud Administration Update Hardware Token Name API Number of Views How to change PIN length for hardware tokens on cloud Number of Views Test Connection to an Identity Source from a Replica Number of Views uds.exe ? Unable To Locate Component. This application has failed to start because nsdnsinterface.dll was not found Number of Views Where are RSA SecurID hardware tokens manufactured? Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) Download RSA SecurID Access Cloud Administration audit logs using Cloud Administration REST API CLU Cloud Administration User Event Log API RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
