Peer certificate rejected by ChainVerifier
Scenario
In a scenario with an SSL-encrypted (HTTPS) SOAP target URL in the SOAP receiver channel, the message goes into an error state.
Error
The following error is shown in the Message Log in PIMON:
SOAP: Call failed: java.io.IOException: Failed to get the input stream from socket: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
Solution
The SSL certificate needs to be imported into PI's keystore.
Download the certificate from the target server
- Open the Target URL in Chrome (or any other Browser)
- Open the developer tools by clicking on the three dots -> More Tools -> Developer Tools (shortcut Ctrl + Shift + I)
- Go to the “Security” Tab and click on “View certificate”
- Go to the Details Tab and click on “Copy to file” button
- Click on the “Next” button and select “DER encoded binary X.509 (.CER)”
- Click on the “Next” button and select a destination on your local PC
Import certificate into keystore
- Open the NetWeaver Administrator (http://your.pi:port/nwa)
- Go to Configuration -> Security -> Certificates and Keys
- Select the “Trusted CAs” View and click on “Import Entry”
- Select entry type “X.509 Certificate”, enter the path to the certificate you downloaded before and click on “Import”
- Resend your message
If your error is not resolved, open the certificate again and click on “Certification Path”. Then double-click the first and the second certificate (one after the other), save them, and import them into the “Trusted CAs” view as well.
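An added example, not part of the original post: instead of exporting each certificate by hand, the chain can be taken from the saved output of `openssl s_client -connect host:443 -showcerts`, written out as DER `.cer` files for the NWA import, and fingerprinted so each one can be checked before it is trusted. The function names, the `chain_N.cer` file names and the sample transcript are assumptions made for this example.

```python
import hashlib
import re
import ssl
import tempfile
from pathlib import Path

PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)


def split_chain(transcript: str) -> list[bytes]:
    """Return every certificate in the transcript as DER bytes, leaf first."""
    ders = []
    for block in PEM_BLOCK.findall(transcript):
        der = ssl.PEM_cert_to_DER_cert(block)
        if not der.startswith(b"\x30"):  # a certificate is a DER SEQUENCE
            raise ValueError("block does not decode to a DER SEQUENCE")
        ders.append(der)
    return ders


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint in the colon-separated form certificate viewers show."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def export_chain(transcript: str, out_dir: Path) -> list[tuple[Path, str]]:
    """Write chain_0.cer, chain_1.cer, ... and return (path, fingerprint) pairs."""
    out_dir.mkdir(parents=True, exist_ok=True)
    result = []
    for index, der in enumerate(split_chain(transcript)):
        path = out_dir / f"chain_{index}.cer"  # hypothetical naming scheme
        path.write_bytes(der)
        result.append((path, fingerprint(der)))
    return result


# Constructed sample: three tiny DER SEQUENCEs standing in for real certificates,
# wrapped in the kind of text s_client prints around each one.
SAMPLE_DER = [b"\x30\x03\x02\x01" + bytes([n]) for n in (1, 2, 3)]
SAMPLE_TRANSCRIPT = "CONNECTED(00000003)\n---\nCertificate chain\n" + "".join(
    f" {i} s:constructed-{i}\n" + ssl.DER_cert_to_PEM_cert(der)
    for i, der in enumerate(SAMPLE_DER)
)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, fp in export_chain(SAMPLE_TRANSCRIPT, Path(tmp)):
            print(path.name, fp)
```

Compare each printed fingerprint with the value obtained from the owner of the target server over a separate channel before importing the file into “Trusted CAs”. Servers commonly leave the root certificate out of the chain they send, so the root may still have to be exported from the certification path as described above.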
2 Replies to “Peer certificate rejected by ChainVerifier”
I followed the same steps, but I am still facing the same issue. Please advise.
Hello Prasad,
Please make sure you imported the certificates on the right Adapter Engine in case you use multiple Adapter Engines. Also, please ensure that the URL you are using in the Communication Channel is the same one you use to download the certificates.
Did you import the whole certificate chain (3 certificates)?
Best Regards,
Maximilian