SAP Knowledge Base Article - Preview

3057117 - Peer certificate rejected by ChainVerifier - EC signed SHA256withRSA server certificate server certificate not capable for ECDHE_ECDSA key exchange algorithm!

Symptom

  • An SSL/TLS connection from the AS Java to an external server fails with the error "Peer certificate rejected by ChainVerifier".
  • An SSL trace with IAIK debug records (see SAP KBA 2673775) shows the following messages:

    [...]
    ssl_debug(7): Starting handshake (iSaSiLk 5.106)...
    ssl_debug(7): Sending v3 client_hello message to <hostname>:<port>, requesting version 3.3...
    [...]
    ssl_debug(7): Received v3 server_hello handshake message.
    [...]
    ssl_debug(7): Received certificate handshake message with server certificate.
    [...]
    Signature Algorithm: SHA256withRSA
    [...]
    ssl_debug(493): ChainVerifier: EC signed SHA256withRSA server certificate server certificate not capable for ECDHE_ECDSA key exchange algorithm!
    [...]
    <...> Peer certificate rejected by ChainVerifier <...>
    [...]



Environment

  • SAP NetWeaver Application Server Java as of version 7.1X
  • SAP Process Integration (PI)

Product

SAP NetWeaver Application Server for Java all versions

Keywords

PI, PO, Process Orchestration, Process Integration, handshake failed, handshake failure, ssl handshake, KBA, BC-JAS-SEC-CPG, Cryptography, BC-XI-CON-SOP, SOAP Adapter, Problem
