3058113 - Wrong server certificate causes "Peer certificate rejected by chain verifier" error

• SAP Process Integration (PI) / Process Orchestration (PO) is used to send data to a server.
• Within a configured scenario, the communication to the receiver system is failing with "Peer certificate rejected by chain verifier" error.
• When checking the handshake in the XPI Inspector trace (example 11 or 50) you see the following logs:
  
  • ssl_debug(515659): Starting handshake (iSaSiLk 5.104)...
        ssl_debug(515659): Sending v3 client_hello message to <host>:<port>, requesting version 3.3...
        ssl_debug(515659): Sending extensions: renegotiation_info (65281), signature_algorithms (13)
        ssl_debug(515659): Received v3 server_hello handshake message.
        ssl_debug(515659): Server selected SSL version 3.3.
        ssl_debug(515659): Server created new session
        ssl_debug(515659): CipherSuite selected by server: TLS_RSA_WITH_AES_128_GCM_SHA256
        ssl_debug(515659): CompressionMethod selected by server: NULL
        ssl_debug(515659): TLS extensions sent by the server: renegotiation_info (65281)
        ssl_debug(515659): Server supports secure renegotiation.
        ssl_debug(515659): Received certificate handshake message with server certificate.
        ssl_debug(515659): Server sent a 1024 bit RSA certificate, chain has 1 elements.
        Trusted certs in the verifier - xx, in the session - xx
        Subject DN duplicates detected.
        Is the chain ordered? true
        ORIGINAL CHAIN
        chain index #0
        Subject: OU=DummyCertificate,O=DummyCertificate ,EMAIL=DummyCertificate@DummyCertificate.com,C=US,ST=SC,CN=www.DummyCertificate.com
        Issuer: EMAIL=DummyCertificate@DummyCertificate.com ,CN=www.DummyCertificate.com,OU=Test CA,O=Dummy Ltd,L=Dummy City,ST=SC,C=US
        ...
         ...
        ssl_debug(515659): ChainVerifier: No trusted certificate found, rejected.
    
• You realized that an incorrect server certificate is being sent.
• SNI extension is not enabled in your PI/PO system.

• PI Release Independent
• SAP NetWeaver
• SAP Process Integration
• SAP Process Orchestration

ssl pi xi adapter soap, TLS handshake failure, SNI extension, Exception sending message: java.net.SocketException: Broken pipe (Write failed), This site works only in browsers with SNI support, certs, certificate, nota fiscal eletronica, peer certificate reject by chain verifier, connection reset, certificate authority, CA, trustedca, trustedcas, certificates, bad certificate, Process Integration 7.0, PI 7.0, PI 7.01, PI 7.02, Process Integration 7.10, PI 7.10, Process Integration 7.11, PI 7.11, Process Integration 7.30, PI 7.30, Process Integration 7.31, PI 7.31, Process Orchestration 7.40, PI 7.40, PO 7.40, Process Orchestration 7.50, PI 7.50, PO 7.50, NetWeaver, XI, keystore , KBA , BC-XI-CON-AFW-SEC , Security , BC-JAS-SEC , Security, User Management , How To