
SSL Peer Unauthorized Issue

Ranch Hand
Posts: 80
Hello All,

I'm trying to consume a REST service from my application. Below is the code snippet I'm using.

This is working fine on my machine and in the test environment, but it fails in PROD. Below is the stack trace.

The potential difference between the stage and prod environments is the SSL configuration. In stage we are pointing to JSSE2, whereas in prod we are pointing to WebSphere. So, I'm trying to override the WebSphere configuration with JSSE2 programmatically in my app.

I tried using but it's still giving the same error. Any suggestion is really appreciated.

Saloon Keeper
Posts: 21139
I can't say for certain, but I'd suspect that the server's TLS certificate isn't trusted by the client.

When you use TLS/SSL in a web client, the client has a set of master certs it trusts (a set is bundled with the JVM). These certs are used to authorize lower-level certs that aren't in the master list, and those certs can in turn authorize lower ones still, forming a chain of trust.

If your client fails with "peer unauthorized", then the likelihood is that the cert provided by the server can't be linked to form such a chain and the solution would be to either change the server cert to one that can be linked or to add a cert that can be linked to the client.

It's also possible that the server is using a self-signed cert in which case the client has to explicitly approve the server cert. On an interactive browser, that's done via a pop-up dialog. On an automated client you have to use other means and unfortunately I can't remember how that's done, so I'm afraid you'll need to do some homework.

I don't think changing the socketFactoryProvider is going to do it, though. If what little memory remains is correct, it's an option of the application code's connection options.