SAP Knowledge Base Article - Preview

3076273 - Peer certificate rejected by ChainVerifier - CertificateExpiredException


  • An SSL/TLS connection to an external server from the AS Java fails with "Peer certificate rejected by ChainVerifier".
  • An SSL trace with IAIK debug records (see SAP KBA 2673775) shows the following messages:

ssl_debug(7): Starting handshake (iSaSiLk 5.106)...

ssl_debug(7): Sending v3 client_hello message to <hostname of the SSL Backend>:<port>, requesting version 3.3...
ssl_debug(7): Sending extensions: renegotiation_info (...), signature_algorithms (..)
ssl_debug(7): Received v3 server_hello handshake message.
ssl_debug(7): Received certificate handshake message with server certificate.
ssl_debug(7):     Not Before: Mon Jun 10 19:00:00 COT 2019

ssl_debug(7):     Not After:  Fri Jun 11 07:00:00 COT 2021
ChainVerifier: Error verifying certificate chain:
ssl_debug(7): Sending alert: Alert Fatal: bad certificate
ssl_debug(7): SSLException while handshaking: Peer certificate rejected by ChainVerifier



SAP NetWeaver Application Server Java


SAP NetWeaver Application Server for Java all versions


expired certificate, server certificate , KBA , BC-JAS-SEC-CPG , Cryptography , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.