Our system is wM 6.1, their system wM 6.1.
Task: send via HTTPS.
They can send to us via HTTPS with no problem.
We receive the ‘Server certificate rejected by ChainVerifier’ when sending to them via HTTPS. We do not receive this error sending HTTP.
Our setup is that they send to our proxy server and we use reverse invokes.
Their setup is that we send directly to their wM box.
Any suggestions?
Thanks,
Todd Jordan
Have you tried hitting their https url via browser and opening their cert to see which CAs are in their chain? And perhaps if one of them is expired? We had a similar issue recently when a customer’s cert was using a particular Verisign CA in their chain that had expired (http://www.verisign.com/support/vendors/exp-gsid-ssl.html).
Most common reasons for this message:
- certificate expired
- server certificate not signed by a trusted CA
If you have openssl available, you can use it to test the connection as well. It provides a lot more detail than browsers . . .
$ openssl s_client -connect myhost:443 -CAfile cacert.pem -state
Verify the “watt.security” properties in /config/server.cnf. Some of them point to the folders that contain your certificates.
As a temporary workaround you may switch off the chain verification by setting
watt.security.cert.wmChainVerifier.trustByDefault=true
Good luck!
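The replies above point at an expired certificate somewhere in the partner's chain as a common cause of this rejection. As an added example (not code from the thread or from webMethods), the shell helper below splits a saved PEM chain and runs openssl's `-checkend` test on every certificate in it; the file name chain.pem and the function names are assumptions.

```shell
#!/bin/sh
# Added example: flag expired or soon-to-expire certificates in a PEM chain.
# Save the partner's chain first, for instance with
#   openssl s_client -connect myhost:443 -showcerts </dev/null >chain.pem
# (myhost is the thread's placeholder; chain.pem is an assumed file name).

# split_chain BUNDLE OUTDIR: write each certificate to OUTDIR/cert-NN.pem,
# skipping the handshake text that s_client prints between certificates.
split_chain() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%02d.pem", dir, n); keep = 1 }
        keep { print > out }
        /-----END CERTIFICATE-----/ { keep = 0; close(out) }
    ' "$1"
}

# audit_chain BUNDLE [WINDOW_SECONDS]
# Prints one status line per certificate. Return value: the number of
# certificates already expired or expiring within WINDOW_SECONDS
# (default 0 = expired now); 255 if the bundle holds no certificate.
audit_chain() {
    bundle=$1 window=${2:-0} bad=0
    tmp=$(mktemp -d) || return 255
    split_chain "$bundle" "$tmp"
    for c in "$tmp"/cert-*.pem; do
        [ -f "$c" ] || { echo "no certificates in $bundle" >&2; rm -rf "$tmp"; return 255; }
        subject=$(openssl x509 -in "$c" -noout -subject)
        enddate=$(openssl x509 -in "$c" -noout -enddate)
        # -checkend exits non-zero when the certificate expires inside the window
        if openssl x509 -in "$c" -noout -checkend "$window" >/dev/null; then
            status=OK
        else
            status=EXPIRING; bad=$((bad + 1))
        fi
        printf '%-8s %s  %s\n' "$status" "$enddate" "$subject"
    done
    rm -rf "$tmp"
    return "$bad"
}

# Stand-alone use: sh audit_chain.sh chain.pem [window_seconds]
if [ $# -gt 0 ]; then audit_chain "$@"; fi
```

A non-zero exit with a window of 0 means at least one certificate in the chain is already expired; a larger window gives advance warning before a partner's intermediate CA lapses.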