We’re seeing a “Trust anchor for certification path not found” error (CertPathValidatorException) for some of our users accessing an API which is proxied through Cloudflare. What could be causing this? Any advice on how to resolve it would be greatly appreciated. Thanks!
What steps have you taken to resolve the issue?
Confirmed valid SSL on Cloudflare and on origin.
Was the site working with SSL prior to adding it to Cloudflare?
I wonder what type of devices (mobile, desktop PC …) and utilities (outdated web browser, etc.) they are using, and from which type of network (business with firewall, bank, etc.) they are trying to access your website behind the proxy?
Are you using Client Certificates (mTLS) for Authentication in some way?
Using Zero Trust access or not?
May I ask what SSL option you have selected under the SSL/TLS tab in the Cloudflare dashboard for your domain (Flexible, Full, Full Strict …)?
This is for mobile devices using Android. We don’t have visibility in the logs as to the type of network they are using, but it’s a common use app, so we have to assume various types of networks, highly unlikely to be using a proxy.
We are not using client certificates, just have Cloudflare issue the edge certificates. Our origin server uses LetsEncrypt SSL, but clients only see Cloudflare’s edge certificate.
Yeah, I’ve also read that this is possible for older versions of Android, however we are seeing it across all versions, Android 15 and below, with majority from Android 14-12 and common devices like Samsung, Google & Motorola.