- An SSL/TLS connection to an external server from the AS Java fails with "Peer certificate rejected by ChainVerifier".
- An SSL trace with IAIK debug records (see SAP KBA 2673775) shows the following messages:
ssl_debug(3): Starting handshake (iSaSiLk 5.106)...
ssl_debug(3): Sending v3 client_hello message to <hostname of the SSL server>:<port>, requesting version 3.3...
ssl_debug(3): Sending extensions: renegotiation_info (...), signature_algorithms (..)
ssl_debug(3): Received v3 server_hello handshake message.
ssl_debug(3): Received certificate handshake message with server certificate.
Unhandled uncritical extension: OBJECT ID = 1.2.840.1135184.108.40.206
Extension error: certificate at index 2 is marked as non-CA certificate
ssl_debug(2): Sending alert: Alert Fatal: bad certificate
ssl_debug(2): Shutting down SSL layer...
ssl_debug(2): SSLException while handshaking: Peer certificate rejected by ChainVerifier
SAP NetWeaver Application Server Java using SSL for outgoing connection
KBA , BC-JAS-SEC-CPG , Cryptography , Problem
About this pageThis is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.