Getting "SSLPeerUnverifiedException: peer not authenticated" error in JBoss EAP when making an outbound SSL call to an external backend service

Solution Verified - Updated -

Issue

  • The following error is thrown in the server.log file:

    ...
    05:45:15,311 INFO  [stdout] (http-/0.0.0.0:12412-4) http-/0.0.0.0:12412-4, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    05:45:15,311 INFO  [stdout] (http-/0.0.0.0:12412-4) http-/0.0.0.0:12412-4, IOException in getSession():  javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    05:45:15,311 INFO  [stdout] (http-/0.0.0.0:12412-4) http-/0.0.0.0:12412-4, called close()
    05:45:15,311 INFO  [stdout] (http-/0.0.0.0:12412-4) http-/0.0.0.0:12412-4, called closeInternal(true)
    05:45:15,311 INFO  [stdout] (http-/0.0.0.0:12412-4) http-/0.0.0.0:12412-4, called close()
    05:45:15,311 INFO  [stdout] (http-/0.0.0.0:12412-4) http-/0.0.0.0:12412-4, called closeInternal(true)
    05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4) 2016-12-08 05:45:15,312 [http-/0.0.0.0:12412-4] ERROR EXCEPTION.com.XXXX.some.custom.code.servlet.YYYY - <152> Caught exception: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4) javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:421)
    05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
    05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
    ...
    ** <!-- SEE HERE: #BEGIN
    
    05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at com.XXXX.some.custom.code.servlet.YYYY.someMethod(YYYY.java:1767)
    05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at com.XXXX.some.custom.code.servlet.YYYY.doPost(YYYY.java:1019)
    
    ** SEE HERE #END -->
    05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
    05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
    05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295)
    05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
    05:45:15,313 INFO  [stdout] (http-/0.0.0.0:12412-4)     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
    ...
    

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6
    • 7
  • An External Backend Service (which is SSL enabled)
  • The external backend server interface (e.g. "https://some-backend-server-fqdn/some-resource-uri") has renewed its certificates and imported the new CA certs.
