javax.net.ssl.SSLHandshakeException: Chain validation failed error

Hi Cloudflare community we use Cloudflare WAF for Web Apps, Customers can’t use our Apps if their Phone Date is wrong, after research we sow this error “javax.net.ssl.SSLHandshakeException: Chain validation failed”

This is an intrinsic security feature of SSL. You need to ensure the date is correct, otherwise you’ll always have that issue. That’s not Cloudflare related.

Thank you for your answer but before Cloudflare, we used to use Sectigo Certificate and we didn’t face this error before, and in Cloudflare, we uploaded our certificate that we used to use before so what is changed, also if I change the domain to DNS Only everything is working but in proxied mode

As I said, if you have an invalid date you’ll always have that issue with SSL and you need to make sure the date is correct. This has nothing to do with Cloudflare. Changing the proxied status won’t change that either.

What’s the URL?

What can be is that your server certificate has a longer validity than the proxy certificate, but that does not change the fact that you need to make sure that the date is correct.

Otherwise you could only upgrade to a Business plan where you can upload your own certificate and that could have a validity of a year, but that would be a rather expensive workaround for not simply making sure the date is correct.

sorry for the misunderstanding as I said before we saw that this error was Certificate but my question is we have used this Certificate before and we didn’t face any error before Cloudflare, so why its only happen in Cloudflare if its not Cloudflare issue

Different validity of the certificate. But the bottom line really is that you need to make sure the date is the correct one, otherwise you’ll always have such issues.

Both are loading fine. Again, if you have a wrong date you can expect certificate errors and that’s it. Once again, that’s not Cloudflare related.

The issue here is not that certificate validation fails, but that you have a wrong date.

It’s OK when you visit from Browser, but the problem is when you use Apps both domains use Same Certificate, one of them use Cloudflare while other not, when my Phone date is wrong the one with Cloudflare can’t boots up while other works normal,
Again I can say that we moved to Cloudflare before weeks and our services worked for years and we didn’t face this issue before so how to say that this is not about Cloudflare in addition to that is if I change the domain to DNS Only that phone with the wrong date works normally

For the Nth time, if you have a wrong date that is what is to be expected. The issue here is not Cloudflare, the certificate, or the browser but your wrong date and you need to make sure that is fixed.

And it won’t “work” without Cloudflare either, you might simply have a different validity period which is why your totally broken date won’t throw the error, but I said that already as well.

OK thank you for your time but may I ask you some questions
for clarification, We use Cloudflare business and we upload the certificates that we used to use before
so my questions are

  1. why we didn’t face this issue before Cloudflare as long as we use the same certificate also our other services that use the same cert didn’t face this issue except the one in Cloudflare
  2. why it works when we changed it into DNS Only mode and not work in proxy mode.

In that case it should not be a different validity period, but you should not experience the issue either as you have the same certificates involved. What could be is that you did not upload the whole or the identical certificate pack, but in that case you should always receive the error and not only when the date is wrong. The other thing can be is that you uploaded an older intermediate certificate.

But again, this is not a Cloudflare related issue but you simply need to make sure you provided Cloudflare with a proper certificate pack, but most of all you should make sure the time is correct.

Cloudflare is not involved here and cannot control your certificates either.