[BUG CLIENT]: Getting SSL Error: Unable to get local issuer certificate when trying to access API.

[TiruvedulaMithun]

Python -VV

From postman

Pip Freeze

From postman

Reproduction Steps

1. Open Postman
2. Set your API_KEY in authorization
3. Set up a sample request body copied from here
4. set model to "model": "mistral-small-latest"
5. Execute REST API

Expected Behavior

Should get response.

Additional Context

Apologies, I do not know which other repo to raise this issue in.

I get an SSL error when I try to use the chat completions API with my Java client. If I ignore these errors, the API works. However, I cannot ignore the API error in my production environment.

Before ignore SSL verification

After ignore SSL verification

Caused by: org.bouncycastle.tls.TlsFatalAlert: certificate_unknown(46)
        at org.bouncycastle.jsse.provider.ProvSSLSocketWrap.checkServerTrusted(Unknown Source)
        at org.bouncycastle.jsse.provider.ProvTlsClient$1.notifyServerCertificate(Unknown Source)
        at org.bouncycastle.tls.TlsUtils.processServerCertificate(Unknown Source)
        at org.bouncycastle.tls.TlsClientProtocol.handleServerCertificate(Unknown Source)
        at org.bouncycastle.tls.TlsClientProtocol.receive13ServerCertificate(Unknown Source)
        at org.bouncycastle.tls.TlsClientProtocol.handle13HandshakeMessage(Unknown Source)
        at org.bouncycastle.tls.TlsClientProtocol.handleHandshakeMessage(Unknown Source)
        at org.bouncycastle.tls.TlsProtocol.processHandshakeQueue(Unknown Source)
        at org.bouncycastle.tls.TlsProtocol.processRecord(Unknown Source)
        at org.bouncycastle.tls.RecordStream.readRecord(Unknown Source)
        at org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source)
        at org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source)
        at org.bouncycastle.tls.TlsClientProtocol.connect(Unknown Source)
        at org.bouncycastle.jsse.provider.ProvSSLSocketWrap.startHandshake(Unknown Source)
        at org.bouncycastle.jsse.provider.ProvSSLSocketWrap.startHandshake(Unknown Source)
        at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:379)
        at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337)
        at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209)
        at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226)
        at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106)
        at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74)
        at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255)
        at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
        at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
        at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
        at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
        at dev.langchain4j.model.mistralai.internal.client.MistralAiResponseLoggingInterceptor.intercept(MistralAiResponseLoggingInterceptor.java:18)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
        at dev.langchain4j.model.mistralai.internal.client.MistralAiRequestLoggingInterceptor.intercept(MistralAiRequestLoggingInterceptor.java:23)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
        at dev.langchain4j.model.mistralai.internal.client.MistralAiApiKeyInterceptor.intercept(MistralAiApiKeyInterceptor.java:23)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
        at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
        at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154)
        at retrofit2.OkHttpCall.execute(OkHttpCall.java:204)
        at dev.langchain4j.model.mistralai.internal.client.DefaultMistralAiClient.chatCompletion(DefaultMistralAiClient.java:85)
        ... 20 more
        Suppressed: org.bouncycastle.tls.TlsFatalAlert: certificate_unknown(46)
                ... 60 more
        Caused by: java.security.cert.CertificateException: Unable to build a CertPath: no PKIXBuilderParameters available
                at org.bouncycastle.jsse.provider.ProvX509TrustManager.checkTrusted(Unknown Source)
                at org.bouncycastle.jsse.provider.ProvX509TrustManager.checkServerTrusted(Unknown Source)
                ... 60 more
Caused by: java.security.cert.CertificateException: Unable to build a CertPath: no PKIXBuilderParameters available
        at org.bouncycastle.jsse.provider.ProvX509TrustManager.checkTrusted(Unknown Source)
        at org.bouncycastle.jsse.provider.ProvX509TrustManager.checkServerTrusted(Unknown Source)
        ... 60 more

Suggested Solutions

No response