Expand my Community achievements bar.

SOLVED

I'm having an issue making an HTTPS request from AEM Backend, javax.net.ssl.SSLPeerUnverifiedException

Avatar

Level 1
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
	at java.base/sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:556)
	at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:257) [com.day.commons.osgi.wrapper.commons-httpclient:3.1.0.28]
	at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:115) [com.day.commons.osgi.wrapper.commons-httpclient:3.1.0.28]
	at com.day.commons.httpclient.impl.JDK7SSLProtocolSocketFactory.createSocket(JDK7SSLProtocolSocketFactory.java:99) [com.day.commons.osgi.wrapper.commons-httpclient:3.1.0.28]
	at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:156) [com.day.commons.osgi.wrapper.commons-httpclient:3.1.0.28]
	at com.day.commons.httpclient.impl.JDK7SSLProtocolSocketFactory.createSocket(JDK7SSLProtocolSocketFactory.java:88) [com.day.commons.osgi.wrapper.commons-httpclient:3.1.0.28]
	at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:714) [com.day.commons.osgi.wrapper.commons-httpclient:3.1.0.28]
	at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:394) [com.day.commons.osgi.wrapper.commons-httpclient:3.1.0.28]
	at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:178) [com.day.commons.osgi.wrapper.commons-httpclient:3.1.0.28]
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:404) [com.day.commons.osgi.wrapper.commons-httpclient:3.1.0.28]
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:330) [com.day.commons.osgi.wrapper.commons-httpclient:3.1.0.28]

 

1 Accepted Solution

Avatar

Correct answer by
Level 5

Hi @mohammed9109 ,

As mentioned by @cshawaus it is really impossible to identify the actual root cause of the issue unless there is a use-case scenario. But to the best of my knowledge, I have identified a few possible situations for the same error.

The javax.net.ssl.SSLPeerUnverifiedException is thrown when there is an issue with the SSL/TLS certificate being used for an HTTPS connection. One common cause of this exception is that the certificate presented by the server is not trusted by the client.

Here are a few things you can check:

  • Make sure that the server's certificate is installed in the truststore of the JVM that is running AEM. The truststore typically contains a collection of trusted root CA certificates and is used by the JVM to verify the authenticity of the server's certificate.

  • Check the certificate chain, Make sure that the certificate presented by the server is signed by a trusted CA and that the entire certificate chain is valid.

  • The certificate might be expired, make sure that the certificate is not expired and that the clock on the server is correct

  • Verify that the hostname in the server certificate matches the hostname of the server you're trying to connect to.

  • Check the configuration, ensure that the client and server are using compatible SSL/TLS protocols and ciphers.

You may also find that you need to import the server's certificate or CA chain into the JVM truststore using the keytool command. This command can be used to import, list, and manage certificates and private keys in a JKS keystore.

If none of the above solutions help, You may want to try importing the server's SSL certificate and adding it to the AEM truststore, which is located in the crx-repository folder, this will help to create a trust relationship between the client and server

It's also possible that the error message is indicating a different problem, and you may need to look into other areas of the system, such as network configurations, firewall rules, or load balancers. In this case, you should check the error logs and troubleshoot accordingly.

Hope this helps !

Thanks,

Ravi Joshi

View solution in original post

2 Replies

Avatar

Level 3

@mohammed9109 Without knowing what you are attempting to connect to or any code to review, it is impossible to understand the potential cause. However, the likely cause is due to a certificate that is:

  1. Expired and no longer valid
  2. Self-signed and not trusted by the Java Trust Store

Beyond this it is not possible to provide an answer with certainly without completely knowing the context.

Avatar

Correct answer by
Level 5

Hi @mohammed9109 ,

As mentioned by @cshawaus it is really impossible to identify the actual root cause of the issue unless there is a use-case scenario. But to the best of my knowledge, I have identified a few possible situations for the same error.

The javax.net.ssl.SSLPeerUnverifiedException is thrown when there is an issue with the SSL/TLS certificate being used for an HTTPS connection. One common cause of this exception is that the certificate presented by the server is not trusted by the client.

Here are a few things you can check:

  • Make sure that the server's certificate is installed in the truststore of the JVM that is running AEM. The truststore typically contains a collection of trusted root CA certificates and is used by the JVM to verify the authenticity of the server's certificate.

  • Check the certificate chain, Make sure that the certificate presented by the server is signed by a trusted CA and that the entire certificate chain is valid.

  • The certificate might be expired, make sure that the certificate is not expired and that the clock on the server is correct

  • Verify that the hostname in the server certificate matches the hostname of the server you're trying to connect to.

  • Check the configuration, ensure that the client and server are using compatible SSL/TLS protocols and ciphers.

You may also find that you need to import the server's certificate or CA chain into the JVM truststore using the keytool command. This command can be used to import, list, and manage certificates and private keys in a JKS keystore.

If none of the above solutions help, You may want to try importing the server's SSL certificate and adding it to the AEM truststore, which is located in the crx-repository folder, this will help to create a trust relationship between the client and server

It's also possible that the error message is indicating a different problem, and you may need to look into other areas of the system, such as network configurations, firewall rules, or load balancers. In this case, you should check the error logs and troubleshoot accordingly.

Hope this helps !

Thanks,

Ravi Joshi