Win a copy of Serverless Applications with Node.js this week in the NodeJS forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Bear Bibeault
  • Jeanne Boyarsky
  • paul wheaton
Sheriffs:
  • Junilu Lacar
  • Paul Clapham
  • Knute Snortum
Saloon Keepers:
  • Stephan van Hulst
  • Ron McLeod
  • Tim Moores
  • salvin francis
  • Carey Brown
Bartenders:
  • Tim Holloway
  • Frits Walraven
  • Vijitha Kumara

SSL Peer Unauthorized Issue  RSS feed

 
Ranch Hand
Posts: 78
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello All,

I'm trying to consume a REST service from my application. Below is the code snippet I'm using.



This is working fine in my machine and test environment. But it fails in PROD. Below is the stack trace



The potential difference between stage and prod environment is the ssl configuration. In stage we are pointing to JSSE2 where as in prod we are pointing websphere. So, I'm trying to override the websphere configuration with jsse2 programatically in my app.

I tried using but its still giving the same error. Any suggestion is really appreciated.

Thanks
 
Bartender
Posts: 20580
121
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I can't say for certain, but I'd suspect that the server's TLS certificate isn't trusted by the client.

When you use TLS/SSL in a web client, the client has a set of master certs it trusts (a set is bundled with the JVM). These certs are used to authorize lower-level certs that aren't in the master list, and those certs can in turn authorize lower ones still, forming a chain of trust.

If your client fails with "peer unauthorized", then the likelihood is that the cert provided by the server can't be linked to form such a chain and the solution would be to either change the server cert to one that can be linked or to add a cert that can be linked to the client.

It's also possible that the server is using a self-signed cert in which case the client has to explicitly approve the server cert. On an interactive browser, that's done via a pop-up dialog. On an automated client you have to use other means and unfortunately I can't remember how that's done, so I'm afraid you'll need to do some homework.

I don't think changing the socketFactoryProvider is going to do it, though. If what little memory remains is correct, it's an option of the application code's connection options.
 
Surfs up space ponies, I'm making gravy without this lumpy, tiny ad:
global solutions you can do in your home or backyard
https://coderanch.com/t/708587/global-solutions-home-backyard
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!