Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

Peer Certificate Rejected by ChainVerifier

Hi,

I am laying my first hands on SAP LVM plugin development. In my use-case, the plugin needs to talk to a soap service that runs locally on the same host where the LVM / plugin executes. The soap service is written in java and runs on a Tomcat 7 server and is secured via HTTPS using a self-signed certificate.

The Tomcat server side of things works as expected - the WSDL is perfectly accessible via any standard browser or any test soap client process (java stub / soap UI etc). However the same fails when the plugin code tries accessing it with the following exception:

Connection IO Exception. Check nested exception for details. (Peer certificate rejected by ChainVerifier).

[EXCEPTION]

com.sap.engine.services.webservices.espbase.client.bindings.exceptions.TransportBindingException

Connection IO Exception. Check nested exception for details. (Peer certificate rejected by ChainVerifier).

[EXCEPTION]

com.sap.engine.services.webservices.espbase.client.bindings.exceptions.TransportBindingException: Connection IO Exception. Check nested exception for details. (Peer certificate rejected by ChainVerifier).

at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.outputSOAPMessage(SOAPTransportBinding.java:419)

at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.call_SOAP(SOAPTransportBinding.java:1364)

at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.callWOLogging(SOAPTransportBinding.java:990)

at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.call(SOAPTransportBinding.java:944)

at com.sap.engine.services.webservices.espbase.client.jaxws.core.WSInvocationHandler.processTransportBindingCall(WSInvocationHandler.java:168)

at com.sap.engine.services.webservices.espbase.client.jaxws.core.WSInvocationHandler.invokeSEISyncMethod(WSInvocationHandler.java:121)

at com.sap.engine.services.webservices.espbase.client.jaxws.core.WSInvocationHandler.invokeSEIMethod(WSInvocationHandler.java:84)

at com.sap.engine.services.webservices.espbase.client.jaxws.core.WSInvocationHandler.invoke(WSInvocationHandler.java:65)

at $Proxy428.login(Unknown Source)

...

...

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:43)

at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:475)

at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:269)

at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:56)

at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)

at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)

at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)

Caused by: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier

at iaik.security.ssl.r.checkIsTrusted(Unknown Source)

at iaik.security.ssl.x.b(Unknown Source)

at iaik.security.ssl.x.a(Unknown Source)

at iaik.security.ssl.r.d(Unknown Source)

at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)

at iaik.security.ssl.SSLTransport.getOutputStream(Unknown Source)

at iaik.security.ssl.SSLSocket.getOutputStream(Unknown Source)

at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.initStreamsFromSocket(HTTPSocket.java:676)

at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.initializeStreams(HTTPSocket.java:553)

at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.getOutputStream(HTTPSocket.java:504)

at com.sap.engine.services.webservices.espbase.client.bindings.ClientHTTPTransport.getRequestStream(ClientHTTPTransport.java:202)

at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.outputSOAPMessage(SOAPTransportBinding.java:375)

... 73 more

I have imported the self-signed certificate in NWA trustCAs keystore. I have also ensured that the CN=hostname and the dates are valid on the certificate. Not sure if I am missing anything here. This is time critical and any help getting past this problem is greatly appreciated.

Thanks in advance.

-Hari

Tags:
Former Member
Not what you were looking for? View more on this topic or Ask a question