I'm trying to consume a REST service from my application. Below is the code snippet I'm using.
This is working fine in my machine and test environment. But it fails in PROD. Below is the stack trace
The potential difference between stage and prod environment is the ssl configuration. In stage we are pointing to JSSE2 where as in prod we are pointing websphere. So, I'm trying to override the websphere configuration with jsse2 programatically in my app.
I tried using but its still giving the same error. Any suggestion is really appreciated.
I can't say for certain, but I'd suspect that the server's TLS certificate isn't trusted by the client.
When you use TLS/SSL in a web client, the client has a set of master certs it trusts (a set is bundled with the JVM). These certs are used to authorize lower-level certs that aren't in the master list, and those certs can in turn authorize lower ones still, forming a chain of trust.
If your client fails with "peer unauthorized", then the likelihood is that the cert provided by the server can't be linked to form such a chain and the solution would be to either change the server cert to one that can be linked or to add a cert that can be linked to the client.
It's also possible that the server is using a self-signed cert in which case the client has to explicitly approve the server cert. On an interactive browser, that's done via a pop-up dialog. On an automated client you have to use other means and unfortunately I can't remember how that's done, so I'm afraid you'll need to do some homework.
I don't think changing the socketFactoryProvider is going to do it, though. If what little memory remains is correct, it's an option of the application code's connection options.
Being persecuted doesn't in any way prove your righteousness or your beliefs. Many people get persecuted because they are repugnant or annoying. Or just because they can be.
It will give me the powers of the gods. Not bad for a tiny ad: