My Oracle Support Banner

Accessing Paglet Producer via SSL with Servers that have Self-Signed Certificates Fails with Exception "javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated" (Doc ID 1530386.1)

Last updated on APRIL 27, 2018

Applies to:

Oracle WebCenter Portal - Version 11.1.1.5.0 and later
Information in this document applies to any platform.

Symptoms

Configuring Pagelet Producer to be able to proxy HTTPS resources which use self-signed or certificates issued by untrusted authorities.

The content server and the pagelet producer server both use self-signed SSL certificates.  The pagelet producer server has the content server's SSL certificate imported into its keystore/truststore. 

The exception in the pagelet producer log is this:

    javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
    at weblogic.servlet.internal.VirtualConnection.initSSLAttributes(VirtualConnection.java:176)
    at weblogic.servlet.internal.VirtualConnection.init(VirtualConnection.java:78)
    at weblogic.servlet.internal.ServletRequestImpl.initFromRequestParser(ServletRequestImpl.java:269)
    at weblogic.servlet.internal.MuxableSocketHTTP.dispatch(MuxableSocketHTTP.java:278)
    at weblogic.socket.JSSEFilterImpl.dispatch(JSSEFilterImpl.java:242)
    at weblogic.socket.MuxableSocketDiscriminator.dispatch(MuxableSocketDiscriminator.java:185)
    at weblogic.socket.JSSEFilterImpl.dispatch(JSSEFilterImpl.java:242)
    at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:950)
    at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:898)
    at weblogic.socket.PosixSocketMuxer.processSockets(PosixSocketMuxer.java:130)
    at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:29)
    at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:42)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)
    ....
    Caused by: sun.security.validator.ValidatorException: PKIX path building
    failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to
    find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
    at sun.security.validator.Validator.validate(Validator.java:218)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
    .... 

  

Changes

 

The same works in HTTP. If the source URL is set to the HTTPS address of the content server, then accessing a pagelet via the pagelet producer fails with the error mentioned above.

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.