Peer certificate rejected by ChainVerifier

Peer certificate rejected by ChainVerifier


In a scenario with a SSL encrypted (HTTPS) SOAP target URL in the SOAP receiver channel, the message goes into an error state.


The following error is shown in Message Log in PIMON:

SOAP: Call failed: Failed to get the input stream from socket: Peer certificate rejected by ChainVerifier


The SSL certificate needs to be imported into PIs keystore.

Download the certificate from the target server
  1. Open the Target URL in Chrome (or any other Browser)
  2. Open the developer tools by clicking on the three dots -> More Tools -> Developer Tools (Shortcut STRG + SHIFT + I)

    Chrome: Open developer tools
    Chrome: Open developer tools
  3. Go to the “Security” Tab and click on “View certificate”
  4. Go to the Details Tab and click on “Copy to file” button
  5. Click on the “Next” button and select “DER-codet-binary X.509 (.CER)”

    Download Certificate
    Download Certificate
  6. Click on “Next” button and select a destination on you local PC
Import certificate into keystore
  1. Open the Netweaver Administrator (http://your.pi:port/nwa)
  2. Go to Configuration -> Security -> Certificates and Keys
  3. Select the “Trusted CAs” View and click on “Import Entry”
  4. Select entry type “X.509 Certificate”, enter the path to the certificate you downloaded before and click on “Import”

    Certificates and Keys: Import entry
    Certificates and Keys: Import entry
  5. Resend your message

If your error is not resolved, open the certificate again and click on certification path. Afterwards, double click the first and second certificate (one after each other), save them and also import them into the TrustedCAx view.

2 Replies to “Peer certificate rejected by ChainVerifier”

    1. Hello Prasad,
      Please make sure you imported the certificates on the right Adapter Engine in case you use multiple Adapter Engine. Also, please assure that the URL you are using in the Communication Channel is the same one you use to download the certificates.
      Did you import the whole certificate chain (3 certificates)?

      Best Regards,

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.