Symptom
- An SSL/TLS connection to an external server from the AS Java fails with "Peer certificate rejected by ChainVerifier".
- An SSL trace with IAIK debug records (see SAP KBA 2673775) shows the following messages:
[...]
ssl_debug(7): Starting handshake (iSaSiLk 5.106)...
ssl_debug(7): Sending v3 client_hello message to <hostname>:<port>, requesting version 3.3...
ssl_debug(7): Sending extensions: renegotiation_info (...), signature_algorithms (..)
ssl_debug(7): Received v3 server_hello handshake message.
[...]
ssl_debug(7): Received certificate handshake message with server certificate.
[...]
ChainVerifier: Found a trusted certificate, returning true
[...]
Extensions: 10
[...]
Unhandled CRITICAL extension: OBJECT ID = CertificatePolicies (2.5.29.32)
Sending alert: Alert Fatal: bad certificate
Shutting down SSL layer...
SSLException while handshaking: Peer certificate rejected by ChainVerifier
Closing transport...
[...]
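A triage sketch for traces like the one above, added here as an example and not taken from the SAP article: it separates a rejection caused by an unhandled critical extension from one where no trust anchor was logged. The function name and cause labels are assumptions of this example; the matched strings are the ones in the excerpt.

```python
import re

# Trace lines copied from the excerpt above (elided parts left out).
SAMPLE_TRACE = """\
ssl_debug(7): Starting handshake (iSaSiLk 5.106)...
ssl_debug(7): Received certificate handshake message with server certificate.
ChainVerifier: Found a trusted certificate, returning true
Extensions: 10
Unhandled CRITICAL extension: OBJECT ID = CertificatePolicies (2.5.29.32)
Sending alert: Alert Fatal: bad certificate
SSLException while handshaking: Peer certificate rejected by ChainVerifier
"""

CRITICAL_RE = re.compile(
    r"Unhandled CRITICAL extension: OBJECT ID = (?P<name>\S+) \((?P<oid>[\d.]+)\)")
HANDSHAKE_START = "Starting handshake"
TRUSTED = "Found a trusted certificate"
REJECTED = "Peer certificate rejected by ChainVerifier"


def triage(trace):
    """Return one finding per rejected handshake found in the trace text."""
    findings, current = [], None
    for line in trace.splitlines():
        if HANDSHAKE_START in line or current is None:
            # New handshake (or a trace that starts mid-handshake): reset state.
            current = {"trust_anchor_found": False, "critical_extensions": []}
        if TRUSTED in line:
            current["trust_anchor_found"] = True
        match = CRITICAL_RE.search(line)
        if match:
            current["critical_extensions"].append((match["name"], match["oid"]))
        if REJECTED in line:
            # RFC 5280: an unrecognized critical extension forces rejection,
            # even when the chain itself ends in a trusted certificate.
            if current["critical_extensions"]:
                cause = "unhandled-critical-extension"
            elif not current["trust_anchor_found"]:
                cause = "no-trust-anchor-logged"
            else:
                cause = "undetermined"
            findings.append({**current, "cause": cause})
            current = None
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_TRACE):
        print(finding)
```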
Environment
- SAP NetWeaver Application Server Java all versions
- AS Java as SSL client
Keywords
handshake error, handshake fails, pki, certificate policy, certificate extensions, KBA, BC-JAS-SEC-CPG, Cryptography, Problem
About this page
This is a preview of a SAP Knowledge Base Article.