This week's book giveaway is in the XML and Related Technologies forum.
We're giving away four copies of Java XML & JSON and have Jeff Friesen on-line!
See this thread for details.
Win a copy of Java XML & JSON this week in the XML and Related Technologies forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Liutauras Vilda
  • Devaka Cooray
  • Jeanne Boyarsky
  • Bear Bibeault
  • Junilu Lacar
  • Paul Clapham
  • Knute Snortum
Saloon Keepers:
  • Ron McLeod
  • Tim Moores
  • Stephan van Hulst
  • salvin francis
  • Carey Brown
  • Tim Holloway
  • Frits Walraven
  • Ganesh Patekar

SSL Peer Unauthorized Issue  RSS feed

Ranch Hand
Posts: 78
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello All,

I'm trying to consume a REST service from my application. Below is the code snippet I'm using.

This is working fine in my machine and test environment. But it fails in PROD. Below is the stack trace

The potential difference between stage and prod environment is the ssl configuration. In stage we are pointing to JSSE2 where as in prod we are pointing websphere. So, I'm trying to override the websphere configuration with jsse2 programatically in my app.

I tried using but its still giving the same error. Any suggestion is really appreciated.

Posts: 20307
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I can't say for certain, but I'd suspect that the server's TLS certificate isn't trusted by the client.

When you use TLS/SSL in a web client, the client has a set of master certs it trusts (a set is bundled with the JVM). These certs are used to authorize lower-level certs that aren't in the master list, and those certs can in turn authorize lower ones still, forming a chain of trust.

If your client fails with "peer unauthorized", then the likelihood is that the cert provided by the server can't be linked to form such a chain and the solution would be to either change the server cert to one that can be linked or to add a cert that can be linked to the client.

It's also possible that the server is using a self-signed cert in which case the client has to explicitly approve the server cert. On an interactive browser, that's done via a pop-up dialog. On an automated client you have to use other means and unfortunately I can't remember how that's done, so I'm afraid you'll need to do some homework.

I don't think changing the socketFactoryProvider is going to do it, though. If what little memory remains is correct, it's an option of the application code's connection options.
All of the world's problems can be solved in a garden - Geoff Lawton. Tiny ad:
RavenDB is an Open Source NoSQL Database that’s fully transactional (ACID) across your database
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!