iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier

When I invoke customer’s HTTPS URL by method ‘post’ through wM Designer 9.0
I get the following error.
“iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier”
I have placed customer’s certificate to our server truststore and customer also imported our certificate to their list. I have reloaded the truststore on Integration Server,but it do not work.

If anybody can help?

Thanks for help.
Lydia Zheng

check if you have the CA root and intermediate certs of the client cert in your trust store. you don’t need to load their server cert, just the issuer’s cert chain.

1 Like

the client cert just is one-level cert,there are not CA root and intermediate certs

well, still your WM is not trusting their server’s cert, a few possibilities you can look into:
–their server is using a different cert than the one you were given, you can use browser to obtain their server cert to verify
–the cert is not a valid server cert somehow, it doesn’t have the proper usage/extension.
–double check you truststore, you have the right cert there.

This guide talks about your error a bit and also has some info on troubleshooting SSL issues: https://empower.softwareag.com/images/webMethods%20Advanced%20Troubleshooting%20Guide%204.1_tcm121-94566.pdf

Percio

Hi Lydia, did you clear the SSL cache (Security > Certificates) from wM IS after loading the new SSL cert?

Lydia – Did you able to fix the issue ? Please let us know if you have any blocks to come-out from this issue.

Thanks,

Dear All,
As Tony Wang said,the cert is not a valid server cert .
customer provided a new cert,then it’s OK now,thank to you all.

Thanks