Getting "SSLPeerUnverifiedException: peer not authenticated" error in JBoss EAP when making outbound SSL call to an external backend service
Issue
- The following error is thrown in the server.log file:
...
05:45:15,311 INFO [stdout] (http-/0.0.0.0:12412-4) http-/0.0.0.0:12412-4, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
05:45:15,311 INFO [stdout] (http-/0.0.0.0:12412-4) http-/0.0.0.0:12412-4, IOException in getSession(): javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
05:45:15,311 INFO [stdout] (http-/0.0.0.0:12412-4) http-/0.0.0.0:12412-4, called close()
05:45:15,311 INFO [stdout] (http-/0.0.0.0:12412-4) http-/0.0.0.0:12412-4, called closeInternal(true)
05:45:15,311 INFO [stdout] (http-/0.0.0.0:12412-4) http-/0.0.0.0:12412-4, called close()
05:45:15,311 INFO [stdout] (http-/0.0.0.0:12412-4) http-/0.0.0.0:12412-4, called closeInternal(true)
05:45:15,313 INFO [stdout] (http-/0.0.0.0:12412-4) 2016-12-08 05:45:15,312 [http-/0.0.0.0:12412-4] ERROR EXCEPTION.com.XXXX.some.custom.code.servlet.YYYY - <152> Caught exception: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
05:45:15,313 INFO [stdout] (http-/0.0.0.0:12412-4) javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
05:45:15,313 INFO [stdout] (http-/0.0.0.0:12412-4) at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:421)
05:45:15,313 INFO [stdout] (http-/0.0.0.0:12412-4) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
05:45:15,313 INFO [stdout] (http-/0.0.0.0:12412-4) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
...
** <!-- SEE HERE: #BEGIN
05:45:15,313 INFO [stdout] (http-/0.0.0.0:12412-4) at com.XXXX.some.custom.code.servlet.YYYY.someMethod(YYYY.java:1767)
05:45:15,313 INFO [stdout] (http-/0.0.0.0:12412-4) at com.XXXX.some.custom.code.servlet.YYYY.doPost(YYYY.java:1019)
** SEE HERE #END -->
05:45:15,313 INFO [stdout] (http-/0.0.0.0:12412-4) at javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
05:45:15,313 INFO [stdout] (http-/0.0.0.0:12412-4) at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
05:45:15,313 INFO [stdout] (http-/0.0.0.0:12412-4) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295)
05:45:15,313 INFO [stdout] (http-/0.0.0.0:12412-4) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
05:45:15,313 INFO [stdout] (http-/0.0.0.0:12412-4) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
...
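Added example (not part of the original article or of Red Hat's code): a Python triage over log lines in the layout shown above. It links each "peer not authenticated" error to the handshake failure logged earlier on the same thread and names the first application frame that made the outbound call. The sample lines and the class com.example.app.BackendServlet are constructed placeholders.

```python
import re

# Constructed sample in the server.log layout shown above (class names are placeholders).
SAMPLE_LOG = """\
05:45:15,311 INFO [stdout] (http-/0.0.0.0:12412-4) http-/0.0.0.0:12412-4, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
05:45:15,311 INFO [stdout] (http-/0.0.0.0:12412-4) http-/0.0.0.0:12412-4, called close()
05:45:15,313 INFO [stdout] (http-/0.0.0.0:12412-4) javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
05:45:15,313 INFO [stdout] (http-/0.0.0.0:12412-4) at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:421)
05:45:15,313 INFO [stdout] (http-/0.0.0.0:12412-4) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
05:45:15,313 INFO [stdout] (http-/0.0.0.0:12412-4) at com.example.app.BackendServlet.callBackend(BackendServlet.java:40)
05:45:15,313 INFO [stdout] (http-/0.0.0.0:12412-4) at javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
"""

# timestamp, level, [category], (thread), message
LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d,\d{3})\s+\w+\s+\[[^\]]+\]\s+\((?P<thread>[^)]+)\)\s+(?P<msg>.*)$")
FRAME = re.compile(r"^at (?P<cls>[\w.$]+)\.[\w$<>]+\((?P<src>[^)]*)\)$")
# Package prefixes treated as JDK/container/library code rather than application code.
FRAMEWORK = ("java.", "javax.", "sun.", "com.sun.", "org.apache.", "org.jboss.", "io.undertow.")

def triage(log_text):
    """Return one finding per 'peer not authenticated' stack trace."""
    cause = {}     # thread -> reason of the last handshake failure seen
    pending = {}   # thread -> finding still waiting for its first application frame
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        thread, msg = m["thread"], m["msg"]
        if "SSLHandshakeException" in msg:
            pkix = "PKIX path building failed" in msg
            cause[thread] = "untrusted_chain" if pkix else "other_handshake_failure"
        elif msg.startswith("javax.net.ssl.SSLPeerUnverifiedException"):
            finding = {"time": m["ts"], "thread": thread,
                       "root_cause": cause.pop(thread, "unknown"), "caller": None}
            findings.append(finding)
            pending[thread] = finding
        elif (fm := FRAME.match(msg)) and thread in pending:
            if not fm["cls"].startswith(FRAMEWORK):
                pending.pop(thread)["caller"] = f"{fm['cls']} ({fm['src']})"
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

A root_cause of untrusted_chain means the later SSLPeerUnverifiedException is a symptom of the earlier PKIX path validation failure on that thread, not a separate fault.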
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
  - 6
  - 7
- An External Backend Service (which is SSL enabled)
- The external backend server interface (e.g. "https://some-backend-server-fqdn/some-resource-uri") has renewed its certificates and imported the new CA certs.