Remote error: tls: unknown certificate


I’m using the CE edition of the gateway, and behind that gateway have a number of services written in both Go and Java. I have the necessary configurations set to skip verification of the cert, and in general this seems to be working. However, for the Java based services, I get this error in the Tyk gateway log:

 http: TLS handshake error from remote error: tls: unknown certificate

I would like to understand what Tyk is looking for here. Is there some difference that occurs when a self signed cert is converted to pkcs12 (using openssl) during the startup process? Here’s our command:

openssl pkcs12 -export -name "cert_name" -out /svccerts/service_cert.pkcs12 -in /certs/service_cert.pem -inkey /certs/service_key.pem -password pass:password

And the key is subsequently loaded into the keystore.

Interesting, this doesn’t prevent Tyk from sending the request to the service and replying with data. But I would like to have a clean log if possible.

Thanks for any information you can provide.