cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Peer certificate rejected by chain verifier in receiver rest adapter

ashok47
Explorer

on ‎10-31-2018 1:00 PM

0 Kudos

Hi All,

Can you please suggest me on the below issue....!

I am working on proxy to rest interface. in this case i am getting error in rest receiver channel (ping channel)

Error: peer certificate rejected by chain verifier

I have imported certificates in NWA which is given by third party. but still i am getting same error in ping channel. Please find the screenshot below

But when i am trying to connect with SOAP channel , it is working fine.

Please refer NWA certificate screen shot.

Here i am using HTTPS url to connect with third party.

Can you please check my channel configuration below...

Please check and suggest me.. whether i need to change any configuration or changes from PI side??

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

former_member499364
Participant
‎07-27-2020 7:32 PM
0 Kudos

https://answers.sap.com/questions/504106/sslcertificateexception-peer-certificate-rejected-.html

So, the error was because the remote server had an expired certificate installed, thus when PI check for the certificates of the remote server, it returned the valid certificate, but also an invalid expired certificate, this being the cause of the error.

Show replies
Show replies
former_member499364
Participant
‎07-27-2020 7:20 PM
0 Kudos

Is this issue resolved? I am facing the exact same error:-

I am getting the error "MP: exception caught with cause java.io.IOException: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier" in the REST receiver channel in SAP PO 7.5

1) I have imported all the three chain certificates in the correct sequence.

2) In the XPI trace, we can see handshake is happening successfully but we are still not getting the response back.

Any pointers will be helpful.

Show replies
Show replies
former_member499364
Participant
‎07-27-2020 7:31 PM
0 Kudos

PFA XPI trace.xpi-trace.jpg

former_member182742
Explorer
‎11-01-2018 4:34 AM
0 Kudos

Dear,

Basically the server certificate chain should be in order Own -> Intermedite -> Root. The chain is considered complete if Issuer of certificate[0] matches with subject of certificate[1] and so on. For Root CA, the issuer and subject are same. Please ensure that the whole certificate chain is complete and all the certificates are imported into the Trusted CA's keystore view in NWA.

You can download and install XPI Inspector tool as per note 1514898 - XPI Inspector for troubleshooting XI, use Example 50 (XI Channel) for the issue REST receiver channel, activate the following additional traces, reproduce this error and check more debug level traces to narrow down the root cause.

1. Collect debug traces from Messaging System
2. Collect debug trace from XI Module Processor
3. Collect HTTP Traces

Best regards,
Tina

Show replies
Show replies
Ask a Question