Peer not authenticated. Stacktrace follows: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated


#1

I am not sure which category to post this to.
We have a grails application running on tomcat7/java7 calling a php5 application running on apache2.
Both of these are served from nginx. Server is ubuntu 14.04.
When the grails application calls a php rest api, we see an exception in the grails application.
peer not authenticated. Stacktrace follows: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
This does not happen in every server.
For some servers it works smoothly and for some we get this error, though we have not configured them differently. Where should we look to solve this?


#2

Java currently does not trust the root certificate Let’s Encrypt uses. You will have to manually import the root certificate into your Java key store. Here’s an example script showing how you would do this.

I believe Oracle is scheduled to include IdenTrust’s DST root certificate with an upcoming Java update in July, so once this version is deployed, this should not be necessary anymore.

Side note: The example script does not actually import the IdenTrust root certificate, but rather the ISRG root (which is not currently in use) and the intermediate certificates used by Let’s Encrypt. This works just fine and you probably don’t need to care about this, but if you want to do it Just Right™, you might want to just import this one certificate instead: https://www.identrust.com/certificates/trustid/root-download-x3.html
:blush:
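
To see why only some servers fail, the check below can be run with the same JVM that Tomcat uses on each host. It is an added example, not part of the original posts: it lists whether the JVM's default trust store contains a trust anchor whose subject matches a given name. The class name `TrustAnchorCheck` and the default search names (`DST Root CA X3`, `ISRG Root X1`, the common names of the two roots the reply mentions) are choices made for this example.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example (hypothetical class name). Java 7 compatible.
public class TrustAnchorCheck {

    // Returns the first default trust anchor whose subject DN contains `needle`
    // (case-insensitive), or null if this JVM does not trust such a root.
    static X509Certificate findAnchor(String needle) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // A null KeyStore selects the JVM default: javax.net.ssl.trustStore if set,
        // otherwise jssecacerts / cacerts under $JAVA_HOME/lib/security.
        tmf.init((KeyStore) null);
        String wanted = needle.toLowerCase();
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                String subject = ca.getSubjectX500Principal().getName();
                if (subject.toLowerCase().contains(wanted)) return ca;
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Default search names are assumptions of this example; pass others as arguments.
        String[] names = args.length > 0 ? args
                                         : new String[] {"DST Root CA X3", "ISRG Root X1"};
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.home    = " + System.getProperty("java.home"));
        System.out.println("trustStore   = "
            + System.getProperty("javax.net.ssl.trustStore", "(JVM default)"));
        boolean missing = false;
        for (String name : names) {
            X509Certificate ca = findAnchor(name);
            if (ca == null) {
                missing = true;
                System.out.println("MISSING  " + name);
            } else {
                System.out.println("TRUSTED  " + ca.getSubjectX500Principal().getName()
                    + " (expires " + ca.getNotAfter() + ")");
            }
        }
        // Non-zero exit lets a deployment script flag hosts that still need the import.
        System.exit(missing ? 1 : 0);
    }
}
```

Hosts that print `MISSING` for every searched name have no matching trust anchor and are the ones that need the import described above; comparing `java.home` across hosts shows whether they run different JRE builds with different `cacerts` files.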

