Translated message

A translation of this page exists in English.

JBoss EAP で外部バックエンドサービスへのアウトバウンド SSL 呼び出しを行うと、"SSLPeerUnverifiedException: peer not authenticated" エラーが発生する

Solution In Progress - Updated -

Issue

  • server.log ファイルに次のエラーが発生します。

    ...
05:45:15,311 INFO  [stdout] (http-/0.0.0.0:12412-4) http-/0.0.0.0:12412-4, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
05:45:15,311 INFO  [stdout] (http-/0.0.0.0:12412-4) http-/0.0.0.0:12412-4, IOException in getSession():  javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
05:45:15,311 INFO  [stdout] (http-/0.0.0.0:12412-4) http-/0.0.0.0:12412-4, called close()
05:45:15,311 INFO  [stdout] (http-/0.0.0.0:12412-4) http-/0.0.0.0:12412-4, called closeInternal(true)
05:45:15,311 INFO  [stdout] (http-/0.0.0.0:12412-4) http-/0.0.0.0:12412-4, called close()
05:45:15,311 INFO  [stdout] (http-/0.0.0.0:12412-4) http-/0.0.0.0:12412-4, called closeInternal(true)
05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4) 2016-12-08 05:45:15,312 [http-/0.0.0.0:12412-4] ERROR EXCEPTION.com.XXXX.some.custom.code.servlet.YYYY - <152> Caught exception: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4) javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:421)
05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
...
** <!-- SEE HERE: #BEGIN

05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at com.XXXX.some.custom.code.servlet.YYYY.someMethod(YYYY.java:1767)
05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at com.XXXX.some.custom.code.servlet.YYYY.doPost(YYYY.java:1019)

** SEE HERE #END -->
05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295)
05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
...

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6
    • 7
  • 外部バックエンドサービス (SSL 対応)
  • 外部バックエンドサーバーインターフェイス (例: "https://some-backend-server-fqdn/some-resource-uri") により証明書が更新され、新しい CA 証明書がインポートされている。

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content