Getting javaioIOException iaiksecuritysslSSLException Server certificate rejected by ChainVerifi ...

I am currently running Integration Server 4.6 and Trading Networks 4.6. When I try to connect to one of our vendors (who is running B2BServer 3.5.1) via https I get the following error:

com.wm.app.b2b.server.ServiceException: java.io.IOException: iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
at pub.client.http(client.java:756)
at java.lang.reflect.Method.invoke(Native Method)
at com.wm.app.b2b.server.JavaService.baseInvoke(JavaService.java:281)
at com.wm.app.b2b.server.ServiceManager.invoke(ServiceManager.java:688)
at com.wm.app.b2b.server.ServiceManager.invoke(ServiceManager.java:480)
at com.wm.app.b2b.server.ServiceManager.invoke(ServiceManager.java:437)
at com.wm.app.b2b.server.Service.doInvoke(Unknown Source)
at com.wm.app.b2b.server.Service.doInvoke(Unknown Source)
at wm.tn.transport.http(transport.java:170)
at wm.tn.transport.primaryHttps(transport.java:451)
at java.lang.reflect.Method.invoke(Native Method)
at com.wm.app.b2b.server.JavaService.baseInvoke(JavaService.java:281)
at com.wm.app.b2b.server.ServiceManager.invoke(ServiceManager.java:688)
at com.wm.app.b2b.server.ServiceManager.invoke(ServiceManager.java:450)
at com.wm.app.b2b.server.Service.doInvoke(Unknown Source)
at com.wm.app.b2b.server.Service.doInvoke(Unknown Source)
at com.wm.app.tn.delivery.DeliveryUtils.invokeLocal(DeliveryUtils.java:930)
at com.wm.app.tn.delivery.DeliveryUtils.invokeService(DeliveryUtils.java:569)
at com.wm.app.tn.delivery.GuaranteedJob.invoke(GuaranteedJob.java:203)
at com.wm.app.tn.delivery.JobMgr$JobExecutor.run(JobMgr.java:970)
at com.wm.util.pool.PooledThread.run(C:/NT/Perforce/basis/4.1.0-terra/module/core/source/com/wm/util/pool/PooledThread.java:103)
at java.lang.Thread.run(Thread.java:484)

I don’t have the trusted store setup in IS, so I believe that the IS server should trust any certificates. I’m not using client certificates, I’m just trying to complete a simple SSL handshake between the two servers. The other weird thing I noticed is that the vendor we are connecting to is using X 509 version 1 certificates instead of the normal X 509 version 3 certificates. Does anyone know if IS 4.6 supports only Version 3 and not Version 1?

Any info would be much appreciated.

Thanks,

Duain

Duain - If I understand correctly, you are the SSL client and your B2B partner is the SSL server. And if that’s the scenario, you still have to have the server’s CA certificate in your client’s trusted store. This may be your problem. Just import the server’s CA cert into your client’s trusted store. For more info, check out page 106 in the IS Administrator’s Guide. Good luck.

I have a similar problem but I am trying to connect a client java app which uses client.jar to my IS server which has a https port. I can connect using internet explorer, but when I use the java app I get the following error…


Server certificate rejected by ChainVerifier

com.wm.util.LocalizedCertificateException: [B2BCORE.0009.9001] Certificate chain broken: not linked properly at com.wm.security.cert.wmChainVerifier.verifyChain(wmChainVerifier.java


Can I set up a trusted store for my app? How?

Hi,

I have posted a solution on this issue in the following link under:
wMUsers Discussion Forums » Managing the webMethods Platform » Managing webMethods 6 » Bad Certificate

http://www.wmusers.com/wmusers/messages/1825/26268.shtml?1077631503

Juan Zurita
Novozymes IT
Denmark

Similar problem…

I am using just one IS as a test. Configured https port and certificates (the admin console bring up the page just fine on that port)

I created a flow service, which uses pub.client:http and send byte data over https to the same box.

I get this error: com.wm.app.b2b.server.ServiceException: java.io.IOException: iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier