The most common reasons for this problem are:
- The KLA being used is not the latest one (and it is not considering a new SSL certificate from kiuwan.com)
- The network department of your organization is using some kind of SSL Inspection
- There's a real MIME attack
KLA Version Update
Check if you are using the latest KLA version. Kiuwan.com may have upgraded the SSL certificate and, for some reason, the automatic update mechanism is not working.
A clue of this situation is that the error message displays: CN=Sectigo RSA Domain Validation Secure Server CA
Force an update manually by deleting the following files (located at your KLA installation root directory):
In case this solution does not work, delete the current KLA installation, and download and install the latest version (Download Kiuwan Local Analyzer)
If you are using the Kiuwan Plugin for Jenkins (Jenkins plugin (old)), you should only delete the following directories (download and installation of the latest KLA will be automatically done):
- JENKINS_HOME/tools/kiuwan/KiuwanLocalAnalyzer, and
Check with your Network Admins that SSL Inspection is being implemented.
Quite often, network departments implement SSL Inspection to avoid security threads through SSL encrypted channels.
These solutions lead to the KLA detecting that the SSL channel is not being established with the expected kiuwan.com server. If this happens, it might think that it's an MITM attack.
A usual clue of this situation is when the log message shows that Certificate CN is different from the above value.
If you are sure you are using the latest version of KLA, get in contact with your Network Department.
Some samples on how to configure SSL inspection in popular proxy/gateway products: