Could not establish trust relationship for the SSL/TLS secure channel with authority

Document ID : KB000103876
Last Modified Date : 17/10/2018
Show Technical Document Details
Issue:
The .Net client application is not able to connect to the HTTPS VSM deployed to VSE.
Different client applications are working fine.
The exception displayed is:
Could not establish trust relationship for the SSL/TLS secure channel with authority 'VSE Server:port'
Environment:
All supported DevTest releases.
Resolution:
By adding the SSL debug property, -Djavax.net.debug=ssl, in the VSE vmoptions file, we could verify the VSE was receiving the request and the SSL handshake looked fine.
For more information regarding the SSL handshake, please take a look at the links below:
Of SSL, Java and DevTest  - https://comm.support.ca.com/kb/Of-SSL-Java-and-DevTest/KB000009925
How to collect SSL debugging information with DevTest? - https://comm.support.ca.com/kb/how-to-collect-ssl-debugging-information-with-devtest/KB000117725

After the handshake is completed, it seemed that the client application closed the connection.
We can see the following in the VSE log file:
PortServer:0.0.0.0/0.0.0.0:8000, called closeInbound() 
PortServer:0.0.0.0/0.0.0.0:8000, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack? 
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? 
%% Invalidated: [Session-43, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] 
PortServer:0.0.0.0/0.0.0.0:8000, SEND TLSv1 ALERT: fatal, description = internal_error 

It implies that the signing authorities may not be trusted by the client end.
The root and intermediate certification authorities need to the imported in the client application.