scano_183208 avatar image
scano_183208 asked Erick Ramirez edited

Having trouble configuring DSE C# driver with SSL, getting "SSLException: Received fatal alert: unknown_ca"

Below is a simple code that I am using to test this out:

class Program
    static void Main(string[] args)
        X509Certificate2Collection collection;
        using (var store = new X509Store(StoreLocation.LocalMachine))
            collection = store.Certificates;

        var cluster = Cluster.Builder()
            .WithSSL(new SSLOptions().SetCertificateCollection(collection))

        ISession session = cluster.Connect();


I downloaded the cert file that LCM auto generated and placed it within my local machine. On the server side when i run the code i get this error: Received fatal alert: unknown_ca

I have node to node and client to node encryption on. But the require_client_auth is set to false.

csharp driverencryption
10 |1000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Answer

Erick Ramirez avatar image
Erick Ramirez answered

@scano_183208 Your code looks like you're doing 2-way SSL authentication but you specifically mentioned that you don't have require_client_auth enabled. Since you're not using 2-way SSL, I suggest that you look at the code example on GitHub which only calls .WithSSL() to enable server authentication.

You will also need to verify that the certificate authority has been added correctly to the Trusted Root Certification Authorities of the Local Machine store. If the certificate authority isn't configured correctly, the driver won't be able to connect correctly. For details, see the TLS/SSL page of the C# driver. Cheers!

10 |1000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.