SAP Knowledge Base Article - Preview

2671583 - Error "Peer certificate rejected by ChainVerifier" in AS Java

Symptom

You have referred the KBA 2416119 - Improved security for outgoing HTTPS connections in SAP NetWeaver to set parameter UrlCheckServerCertificate of HTTP Provider service to "true". Then when AS Java work as SSL client and there is outgoing calls to SSL server which underline use IAIK library to secure the connection, following error get throw out.
----------------------------
[EXCEPTION]
javax.servlet.ServletException: java.lang.RuntimeException: Error while silently connecting: org.w3c.www.protocol.http.HttpException: Peer certificate rejected by ChainVerifier
    at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:392)
    at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:382)
......
Caused by: java.lang.RuntimeException: Error while silently connecting: org.w3c.www.protocol.http.HttpException: Peer certificate rejected by ChainVerifier
    at org.w3c.www.protocol.http.HttpURLConnection.error(SourceFile:192)
    at org.w3c.www.protocol.http.HttpURLConnection.checkReply(SourceFile:186)
----------------------------

If follow KBA 2673775 - Use /tshw to collect IAIK debug trace for outgoing calls in AS Java to collect IAIK debug trace, following error can be seen.
-----------------------
CertRevoc result: false
revoced certificate (CN=***,O=***,L=***,ST=***,C=**) found.
-----------------------


Read more...

Environment

• Release Independent
• SAP NetWeaver

Product

SAP ERP 6.0 ; SAP NetWeaver 7.0 ; SAP NetWeaver 7.1 ; SAP NetWeaver 7.2 ; SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5 ; SAP enhancement package 1 for SAP NetWeaver 7.0 ; SAP enhancement package 1 for SAP NetWeaver 7.3 ; SAP enhancement package 2 for SAP NetWeaver 7.0 ; SAP enhancement package 3 for SAP NetWeaver 7.0

Keywords

fetchMetadataError[object Object], fetchMetadataError, java, webdynpro, security, javax.servlet.ServletException, java.lang.RuntimeException, Error while silently connecting, org.w3c.www.protocol.http.HttpException, Peer certificate rejected by ChainVerifier, revocked, revoced, revoked, revoced certificate , KBA , BC-JAS-SEC , Security, User Management , BC-JAS-WEB , Web Container, HTTP, JavaMail, Servlets , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.