It’s possible that after updating the CAs, the service didn’t actually pick up on that update yet. If you haven’t already, you could try restarting the service so it’s using the updates and not the old cached CAs. It’s difficult to troubleshoot these issues since they’re very environment-specific. You can see the full chain of the certificate path up to the root CA at the link below; I’d recommend double-checking that the specific root CA is installed and up-to-date in your system.
This Stackoverflow topic might help here. To pull a quote from it:
Assuming the server certificate is signed by a well-known CA, this is happening because the set of CA certificates available to a modern browser is much larger than the limited set that is shipped with the JDK/JRE.
We recently made a change that would have switched the certificate authority that would be used for the SSL certificate at api.hubapi.com. If you’re having trouble validating the certificate, you may need to update the root CAs installed on your server.
I tried to update the certificate on the server but still get the exception.
Strange things is that it always has been working on my acceptance environment (without any changes) but not on production one.
What’s the best way to get the api certificate?
Thanks in advance,