Issue:Your SAP application is trying to consume a web service and getting SSL certificate error Peer certificate rejected by ChainVerifier
Logs : You are seeing following logs application logs. The SAP application can be a PI/PO system , XMII/MES system or any other SAP NetWeaver Java application trying to consume web service over https.
SSLCertificateException: Peer certificate rejected by ChainVerifier
[ERROR] Post Action: error occurred while trying to connect to the server Exception: [Peer certificate rejected by ChainVerifier]
[WARN] [HTTP_Post_0] Skipping execution of output links due to action failure. For Transaction : xyzServiceName
[ERROR] Uncaught exception from HTTP_Post_0
SOAP service could not be loaded : XmlProxy Error: Peer certificate rejected by ChainVerifier
Cause :This is caused due to SSL certificate check failed.Calling application (client) must have a valid SSL certificate installed in the trust-store to have a successful SSL connection handshake.
Resolution : If the server has renewed its certificate or changed its certificate authority we need to download the new certificate from the web service URL and install in our SAP system.
How to install SSL certificate in SAP JAVA?
1. Open the Web service URL in the browser. Download and save SSL certificate for web service .
2. Import certificate in SAP JAVA key store.
Go to NWA of your SAP JAVA application
http://youSAPServerHostName:5<xx>00/nwa > Configuration > Security > Certificate and Keys
Scroll down to "TrustedCAs" and import the certificate in X.509 format.
There is no need to restart SAP JAVA once the certificate is imported it should work automatically.
For PI/PO usage scenario : If you are working with SOAP Adapter in SAP PI , you can restart the communication channel to clear the cache.
Reference: SAP notes
1829329 - Peer certificate rejected by ChainVerifier.
2455391 - WS Navigator error : Peer certificate rejected by ChainVerifier