iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier

zoomer1961 · December 2, 2007, 11:27pm

We use IS_6-5_SP2

We have two servers, not clustered. We have a brand new interface to connect to server xyz.com

My IS server A can do a https post to xyz.com with no errors.
My IS server B is getting the error “iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier”. We actually use a IP address to reach them so both servers are trying the exact same server/IP address.

Both boxes appear to have identical configurations, share the same certs for the virtual ip, located in the same datacenter, same IDMZ.

I have searched for answers on this site and advantage and have not found anything to solve my problem or help troubleshoot.

These are production boxes so my access to making changes is limited. I can make changes via the admin console but would have to get a sys admin to assist with any Sun Unix level restarts, etc.

Any suggestions for troubleshooting? Thanks in advance.

ylo · December 21, 2007, 8:04am

The most likely cause is that the CA ROOT certs are not installed on each of your IS servers. Try installing all the relevant CA ROOT certs on all of your IS servers and refresh the CA_ROOT cache on the IS server and try again.