SAP Knowledge Base Article - Preview

3058113 - Wrong server certificate causes "Peer certificate rejected by chain verifier" error

Symptom

  • SAP Process Integration (PI) / Process Orchestration (PO) is used to send data to a server.
  • Within a configured scenario, the communication to the receiver system is failing with "Peer certificate rejected by chain verifier" error.
  • When checking the handshake in the XPI Inspector trace (example 11 or 50), you see the following:
    • ssl_debug(515659): Starting handshake (iSaSiLk 5.104)...
          ssl_debug(515659): Sending v3 client_hello message to <host>:<port>, requesting version 3.3...
          ssl_debug(515659): Sending extensions: renegotiation_info (65281), signature_algorithms (13)
          ssl_debug(515659): Received v3 server_hello handshake message.
          ssl_debug(515659): Server selected SSL version 3.3.
          ssl_debug(515659): Server created new session
          ssl_debug(515659): CipherSuite selected by server: TLS_RSA_WITH_AES_128_GCM_SHA256
          ssl_debug(515659): CompressionMethod selected by server: NULL
          ssl_debug(515659): TLS extensions sent by the server: renegotiation_info (65281)
          ssl_debug(515659): Server supports secure renegotiation.
          ssl_debug(515659): Received certificate handshake message with server certificate.
          ssl_debug(515659): Server sent a 1024 bit RSA certificate, chain has 1 elements.
          Trusted certs in the verifier - xx, in the session - xx
          Subject DN duplicates detected.
          Is the chain ordered? true
          ORIGINAL CHAIN
          chain index #0
          Subject: OU=DummyCertificate,O=DummyCertificate ,EMAIL=DummyCertificate@DummyCertificate.com,C=US,ST=SC,CN=www.DummyCertificate.com
          Issuer: EMAIL=DummyCertificate@DummyCertificate.com ,CN=www.DummyCertificate.com,OU=Test CA,O=Dummy Ltd,L=Dummy City,ST=SC,C=US
          ...
          ...
          ssl_debug(515659): ChainVerifier: No trusted certificate found, rejected.
  • You realize that an incorrect server certificate is being sent.
  • SNI extension is not enabled in your PI/PO system.
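
The symptom above can be checked mechanically from the trace. The sketch below is an added example, not SAP code: it parses the ssl_debug lines shown on this page and flags the pattern described here (rejection, no SNI offered, leaf certificate issued for another name). The expected host `partner.example.com` is a constructed placeholder, extension type 0 is server_name per RFC 6066, and the name check uses only the Subject CN because the trace shows no SAN entries.

```python
import re

# Lines taken from the trace on this page (abridged).
SAMPLE_TRACE = """\
ssl_debug(515659): Sending extensions: renegotiation_info (65281), signature_algorithms (13)
ssl_debug(515659): TLS extensions sent by the server: renegotiation_info (65281)
ssl_debug(515659): Server sent a 1024 bit RSA certificate, chain has 1 elements.
Subject: OU=DummyCertificate,O=DummyCertificate ,EMAIL=DummyCertificate@DummyCertificate.com,C=US,ST=SC,CN=www.DummyCertificate.com
Issuer: EMAIL=DummyCertificate@DummyCertificate.com ,CN=www.DummyCertificate.com,OU=Test CA,O=Dummy Ltd,L=Dummy City,ST=SC,C=US
ssl_debug(515659): ChainVerifier: No trusted certificate found, rejected.
"""

SERVER_NAME_EXT = 0  # TLS extension type of server_name (SNI), RFC 6066


def analyze_handshake(trace, expected_host):
    """Summarise one handshake: was SNI offered, which leaf came back, was it rejected."""
    info = {"client_ext_ids": [], "leaf_cn": None, "chain_len": None, "rejected": False}
    for raw in trace.splitlines():
        line = raw.strip()
        if "Sending extensions:" in line:  # client side only; the server line is worded differently
            info["client_ext_ids"] = [int(n) for n in re.findall(r"\((\d+)\)", line.split("extensions:", 1)[1])]
        elif m := re.search(r"chain has (\d+) elements", line):
            info["chain_len"] = int(m.group(1))
        elif line.startswith("Subject:") and info["leaf_cn"] is None:
            m = re.search(r"CN=([^,]+)", line)
            info["leaf_cn"] = m.group(1).strip() if m else None
        elif "ChainVerifier: No trusted certificate found" in line:
            info["rejected"] = True
    info["sni_sent"] = SERVER_NAME_EXT in info["client_ext_ids"]
    info["cn_matches_host"] = cn_matches(info["leaf_cn"], expected_host)
    # The pattern this article describes: rejection, no SNI offered, leaf issued for another name.
    info["likely_wrong_cert_no_sni"] = (
        info["rejected"] and not info["sni_sent"] and not info["cn_matches_host"])
    return info


def cn_matches(cn, host):
    """CN-only comparison with a leftmost-label wildcard (simplification, no SAN check)."""
    if not cn or not host:
        return False
    cn, host = cn.lower(), host.lower()
    if cn.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cn[2:]
    return cn == host


if __name__ == "__main__":
    # partner.example.com is a constructed placeholder for the intended receiver host.
    print(analyze_handshake(SAMPLE_TRACE, "partner.example.com"))
```

A result with `rejected` true but `sni_sent` true, or with a matching CN, points away from this article's cause and toward a missing trusted CA in the keystore instead.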



    Environment

    • PI Release Independent
    • SAP NetWeaver
    • SAP Process Integration
    • SAP Process Orchestration

    Product

    SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5

    Keywords

    ssl pi xi adapter soap, TLS handshake failure, SNI extension, Exception sending message: java.net.SocketException: Broken pipe (Write failed), This site works only in browsers with SNI support, certs, certificate, nota fiscal eletronica, peer certificate reject by chain verifier, connection reset, certificate authority, CA, trustedca, trustedcas, certificates, bad certificate, Process Integration 7.0, PI 7.0, PI 7.01, PI 7.02, Process Integration 7.10, PI 7.10, Process Integration 7.11, PI 7.11, Process Integration 7.30, PI 7.30, Process Integration 7.31, PI 7.31, Process Orchestration 7.40, PI 7.40, PO 7.40, Process Orchestration 7.50, PI 7.50, PO 7.50, NetWeaver, XI, keystore , KBA , BC-XI-CON-AFW-SEC , Security , How To

    About this page

    This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).