Getting "SSLPeerUnverifiedException: peer not authenticated" error in JBoss EAP when making outbound SSL call to an external backend service

Solution Verified - Updated 2017-11-24T10:14:54+00:00 -

Issue

The following error is thrown in the server.log file:

...
05:45:15,311 INFO  [stdout] (http-/0.0.0.0:12412-4) http-/0.0.0.0:12412-4, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
05:45:15,311 INFO  [stdout] (http-/0.0.0.0:12412-4) http-/0.0.0.0:12412-4, IOException in getSession():  javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
05:45:15,311 INFO  [stdout] (http-/0.0.0.0:12412-4) http-/0.0.0.0:12412-4, called close()
05:45:15,311 INFO  [stdout] (http-/0.0.0.0:12412-4) http-/0.0.0.0:12412-4, called closeInternal(true)
05:45:15,311 INFO  [stdout] (http-/0.0.0.0:12412-4) http-/0.0.0.0:12412-4, called close()
05:45:15,311 INFO  [stdout] (http-/0.0.0.0:12412-4) http-/0.0.0.0:12412-4, called closeInternal(true)
05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4) 2016-12-08 05:45:15,312 [http-/0.0.0.0:12412-4] ERROR EXCEPTION.com.XXXX.some.custom.code.servlet.YYYY - <152> Caught exception: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4) javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:421)
05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
...
** <!-- SEE HERE: #BEGIN

05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at com.XXXX.some.custom.code.servlet.YYYY.someMethod(YYYY.java:1767)
05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at com.XXXX.some.custom.code.servlet.YYYY.doPost(YYYY.java:1019)

** SEE HERE #END -->
05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295)
05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
...

Environment

Red Hat JBoss Enterprise Application Platform (EAP)
- 6
- 7
An External Backend Service (which is SSL enabled)
The external backend server interface (e.g. "https://some-backend-server-fqdn/some-resource-uri") has renewed its certificates and imported the new CA certs.

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

New to Red Hat?

Learn more about Red Hat subscriptions

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories