SAP Knowledge Base Article - Preview

3411628 - Peer certificate rejected by ChainVerifier - Connections are not possible without trusted certificates

Symptom

  • An SSL/TLS connection to an external server from the AS Java fails with "Peer certificate rejected by ChainVerifier".
  • An SSL trace with IAIK debug records (see SAP KBA 2673775) shows the following messages:

[...]
ssl_debug(7): Starting handshake (iSaSiLk 5.106)...

ssl_debug(7): Sending v3 client_hello message to <hostname>:<port>, requesting version 3.3...
ssl_debug(7): Sending extensions: renegotiation_info (...), signature_algorithms (..)
[...]
Attempting to create outgoing ssl connection without trusted certificates
[...]
Connections are not possible without trusted certificates.
[...]
ssl_debug(11): SSLException while handshaking: Peer certificate rejected by ChainVerifier
[...] 


Read more...

Environment

  1. SAP NetWeaver Application Server Java
  2. 3rd party Agent Library

Product

SAP NetWeaver Application Server for Java all versions

Keywords

javaagent, third party, 3rd party, bytecode, bytecode agent, Appdynamics, App dynamics, monitoring, monitoring agent, agent, java agent , KBA , BC-JAS-SEC-CPG , Cryptography , BC-JVM , SAP Java Virtual Machine , BC-JAS-SEC , Security, User Management , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.