- An SSL/TLS connection to an external server from the AS Java fails with "Peer certificate rejected by ChainVerifier".
- An SSL trace with IAIK debug records (see SAP KBA 2673775) shows the following messages:
ssl_debug(3): Starting handshake (iSaSiLk 5.106)...
ssl_debug(3): Sending v3 client_hello message to <hostname of the SSL server>:<port>, requesting version 3.3...
ssl_debug(3): Sending extensions: renegotiation_info (...), signature_algorithms (..)
ssl_debug(3): Received v3 server_hello handshake message.
ssl_debug(3): Received certificate handshake message with server certificate.
Unhandled uncritical extension: OBJECT ID = 1.2.840.1135184.108.40.206
Extension error: certificate at index 2 is marked as non-CA certificate
ssl_debug(2): Sending alert: Alert Fatal: bad certificate
ssl_debug(2): Shutting down SSL layer...
ssl_debug(2): SSLException while handshaking: Peer certificate rejected by ChainVerifier
SAP NetWeaver Application Server Java using SSL for outgoing connection
KBA , BC-JAS-SEC-CPG , Cryptography , Problem
About this pageThis is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).
Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.