SAP Peer certificate rejected by ChainVerifier

Issue:Your SAP application is trying to consume a web service and getting SSL certificate error Peer certificate rejected by ChainVerifier  

Logs : You are seeing following logs application logs. The SAP application can be a PI/PO system , XMII/MES system or any other SAP NetWeaver Java application trying to consume web service over https.

SSLCertificateException: Peer certificate rejected by ChainVerifier
 [ERROR] Post Action: error occurred while trying to connect to the server Exception: [Peer certificate rejected by ChainVerifier]
[WARN] [HTTP_Post_0] Skipping execution of output links due to action failure. For Transaction : xyzServiceName
[ERROR] Uncaught exception from HTTP_Post_0
SOAP service could not be loaded : XmlProxy Error: Peer certificate rejected by ChainVerifier

Cause :This is caused due to SSL certificate check failed.Calling application (client) must have a valid SSL certificate installed  in the trust-store to have a successful SSL connection handshake. 

Resolution : If the server has renewed its certificate or changed its certificate authority we need to download the new certificate from the web service URL and install in our SAP system. 

How to install SSL certificate in SAP JAVA?

1. Open the Web service URL in the browser. Download and save SSL certificate for web service .
Download certificate from Web Service for SAP JAVA

Save SSL certificate for SAP JAVA

2. Import certificate in SAP JAVA key store. 

Go to NWA of your SAP JAVA application 
http://youSAPServerHostName:5<xx>00/nwa > Configuration > Security > Certificate and Keys

Scroll down to "TrustedCAs"  and import the certificate in X.509 format.
Import SSL certificate in SAP JAVA Keystore

There is no need to restart SAP JAVA once the certificate is imported it should work automatically. 

For PI/PO usage scenario : If you are working with SOAP Adapter in SAP PI , you can restart the communication channel to clear the cache.

Reference: SAP notes

1829329 - Peer certificate rejected by ChainVerifier.
2455391 - WS Navigator error  : Peer certificate rejected by ChainVerifier