riteshpv
Staff
Article Id 410830
Description This article describes the 'sslv3 alert certificate unknown' error observed in FortiSwitch logs and outlines the possible cause and solution.
Scope FortiSwitch OS versions: v7.4.2, v7.6.2.
Solution

Issue: In FortiSwitch logs, continuous error messages may be observed regarding SSL certificate alerts:

 

Log message from FortiSwitch event:


9: 2023-12-10 09:36:18 log_id=0103033601 tz=+0200 type=event subtype=system pri=notice vd=root sn=FS1E48T422XXXXX ui="https" msg="error:0A000416:SSL routines::sslv3 alert certificate unknown -- "
10: 2023-12-10 09:36:03 log_id=0103033601 tz=+0200 type=event subtype=system pri=notice vd=root sn=FS1E48T422XXXXX ui="https" msg="error:0A000416:SSL routines::sslv3 alert certificate unknown -- "

 

Cause: The error occurs because the FortiSwitch does not recognize the client certificate presented by the device attempting to connect over HTTPS. In this case, the client is the device trying to access the FortiSwitch via HTTPS.

 

Resolution: Upgrade the FortiSwitch to v7.6.4 or later, where a new option (https-ssl-log-level) is available. Setting this option to critical will suppress these repetitive log messages.

 

Configuration example:

 

config system web
    set https-ssl-log-level critical
end

 

This change ensures only critical SSL errors are logged, avoiding repetitive certificate alerts.

 

Note:

FortiSwitch may sometimes produce very similar error messages with 'ssl/tls alert certificate unknown' instead of 'sslv3 alert certificate unknown'.
More details on that error may be found here: Troubleshooting Tip: Switch-controller 'msg="error:0A000416:SSL routines::ssl/tls alert certificate ...
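
Before raising https-ssl-log-level, it helps to measure how often the alert is logged and which of the two message variants each switch reports. The script below is an added example, not part of the original article or Fortinet code. It parses event lines in the format shown above; sample lines 11 and 12 and the function names are constructed for illustration.

```python
import re
from datetime import datetime

# Lines 9 and 10 are the article's own log lines; 11 and 12 are constructed
# (log_id 0000000000 is a placeholder, not a real FortiSwitch log id).
SAMPLE_LOG = """\
9: 2023-12-10 09:36:18 log_id=0103033601 tz=+0200 type=event subtype=system pri=notice vd=root sn=FS1E48T422XXXXX ui="https" msg="error:0A000416:SSL routines::sslv3 alert certificate unknown -- "
10: 2023-12-10 09:36:03 log_id=0103033601 tz=+0200 type=event subtype=system pri=notice vd=root sn=FS1E48T422XXXXX ui="https" msg="error:0A000416:SSL routines::sslv3 alert certificate unknown -- "
11: 2023-12-10 09:35:48 log_id=0103033601 tz=+0200 type=event subtype=system pri=notice vd=root sn=FS1E48T422XXXXX ui="https" msg="error:0A000416:SSL routines::ssl/tls alert certificate unknown -- "
12: 2023-12-10 09:35:40 log_id=0000000000 tz=+0200 type=event subtype=system pri=notice vd=root sn=FS1E48T422XXXXX ui="https" msg="constructed unrelated event"
"""

# Optional "N: " index, then the timestamp, then the key=value fields.
LINE_RE = re.compile(r"^\s*(?:\d+:\s+)?(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(.*)$")
# A value is either double-quoted (may contain spaces) or a bare token.
FIELD_RE = re.compile(r'([\w-]+)=(?:"([^"]*)"|(\S+))')
# Both variants mentioned in the article share the same OpenSSL error code.
ALERT_RE = re.compile(r"error:0A000416:SSL routines::(sslv3|ssl/tls) alert certificate unknown")

def parse_line(line):
    """Return the key=value fields of one event line plus its timestamp, or None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    fields = {k: quoted or bare for k, quoted, bare in FIELD_RE.findall(m.group(2))}
    fields["time"] = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return fields

def summarize_cert_alerts(text):
    """Count 'certificate unknown' alerts per (serial, variant) with first/last seen."""
    summary = {}
    for line in text.splitlines():
        rec = parse_line(line)
        hit = ALERT_RE.search(rec.get("msg", "")) if rec else None
        if hit is None:
            continue  # unparseable line or unrelated event
        key = (rec.get("sn", "unknown"), hit.group(1))
        entry = summary.setdefault(key, {"count": 0, "first": rec["time"], "last": rec["time"]})
        entry["count"] += 1
        entry["first"] = min(entry["first"], rec["time"])
        entry["last"] = max(entry["last"], rec["time"])
    return summary

if __name__ == "__main__":
    for (sn, variant), e in sorted(summarize_cert_alerts(SAMPLE_LOG).items()):
        span = (e["last"] - e["first"]).total_seconds()
        print(f"{sn} {variant}: {e['count']} alerts over {span:.0f}s")
```

Running the same summary before and after the configuration change shows whether the setting took effect on each switch.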