Accessing Paglet Producer via SSL with Servers that have Self-Signed Certificates Fails with Exception "javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated" (Doc ID 1530386.1)

Last updated on NOVEMBER 19, 2016

Applies to:

Oracle WebCenter Portal - Version 11.1.1.5.0 and later
Information in this document applies to any platform.

Symptoms

Configuring Pagelet Producer to be able to proxy HTTPS resources which use self-signed or certificates issued by untrusted authorities.

The content server and the pagelet producer server both use self-signed SSL certificates.  The pagelet producer server has the content server's SSL certificate imported into its keystore/truststore. 

The exception in the pagelet producer log is this:

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
    at weblogic.servlet.internal.VirtualConnection.initSSLAttributes(VirtualConnection.java:176)
    at weblogic.servlet.internal.VirtualConnection.init(VirtualConnection.java:78)
    at weblogic.servlet.internal.ServletRequestImpl.initFromRequestParser(ServletRequestImpl.java:269)
    at weblogic.servlet.internal.MuxableSocketHTTP.dispatch(MuxableSocketHTTP.java:278)
    at weblogic.socket.JSSEFilterImpl.dispatch(JSSEFilterImpl.java:242)
    at weblogic.socket.MuxableSocketDiscriminator.dispatch(MuxableSocketDiscriminator.java:185)
    at weblogic.socket.JSSEFilterImpl.dispatch(JSSEFilterImpl.java:242)
    at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:950)
    at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:898)
    at weblogic.socket.PosixSocketMuxer.processSockets(PosixSocketMuxer.java:130)
    at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:29)
    at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:42)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)
    ....
     Caused by: sun.security.validator.ValidatorException: PKIX path building
      failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to
      find valid certification path to requested target
     at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
     at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
     at sun.security.validator.Validator.validate(Validator.java:218)
     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
     .... 

  

Changes

 

The same works in HTTP. If the source URL is set to the HTTPS address of the content server, then accessing a pagelet via the pagelet producer fails with the error mentioned above.

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms