REST API call through Policy Xpress fails with Peer not authenticated error
Article ID: 130175
Products
CA Identity Manager, CA Identity Governance, CA Identity Portal
Issue/Introduction
We are calling a REST-based API via Policy Xpress, and it is failing with a "Peer not authenticated" error. The same REST call made via SoapUI is successful.
Environment
Release: Component: IDMGR
Cause
Because the REST call works via SoapUI but fails with "Peer not authenticated" via Policy Xpress, the problem lies with the SSL certificate used by IDM. Either no valid SSL certificate has been imported into the cacerts file of the JDK used by IDM, or the certificate may have expired.
Resolution
To validate and import the certificate, do the following:
1. On the IDM server, confirm the value of JAVA_HOME, e.g. from standalone.bat within the <JBOSS>\bin folder.
2. The certificate must be present in $JAVA_HOME\jre\lib\security\cacerts. You can check the certificates by running "keytool -list -v -keystore cacerts".
3. If the necessary certificate is not contained there, or is expired, use the keytool command to import it, e.g.: keytool -importcert -file <the ca cert file> -keystore $JAVA_HOME/jre/lib/security/cacerts
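The check in steps 2 and 3 can be scripted, since the "keytool -list -v" listing for cacerts is long. The following is an added example, not part of the original article or of the product: it parses saved keytool output and reports whether a given CA is missing, expired or present and valid. The function names, the CA names and the sample listing are constructed for illustration, and English-locale keytool output is assumed.

```python
import re
from datetime import datetime

VALID_RE = re.compile(r"Valid from: (.+?) until: (.+)")

def parse_java_date(text):
    # Java Date.toString(), e.g. "Fri Jan 05 10:00:00 UTC 2021". The zone token
    # is dropped (strptime cannot parse CET, PST...), so allow a day of slack.
    _dow, mon, day, clock, _zone, year = text.split()
    return datetime.strptime(f"{mon} {day} {clock} {year}", "%b %d %H:%M:%S %Y")

def parse_keytool_listing(output):
    """Return one dict per certificate: alias, owner, not_after."""
    certs, alias, owner = [], None, ""
    for line in (l.strip() for l in output.splitlines()):
        if line.startswith("Alias name:"):
            alias = line.split(":", 1)[1].strip()
        elif line.startswith("Owner:"):
            owner = line.split(":", 1)[1].strip()
        elif (m := VALID_RE.fullmatch(line)):
            certs.append({"alias": alias, "owner": owner,
                          "not_after": parse_java_date(m.group(2))})
    return certs

def ca_status(output, ca_name, now):
    """Step 3's decision for one CA: 'missing', 'expired' or 'ok'."""
    found = [c for c in parse_keytool_listing(output)
             if ca_name.lower() in c["owner"].lower()]
    if not found:
        return "missing"
    return "ok" if any(c["not_after"] >= now for c in found) else "expired"

# Constructed sample of English-locale `keytool -list -v` output.
SAMPLE = """\
Alias name: oldapica
Entry type: trustedCertEntry
Owner: CN=Example API Root CA, O=Example
Issuer: CN=Example API Root CA, O=Example
Valid from: Tue Jan 05 10:00:00 UTC 2016 until: Tue Jan 05 10:00:00 UTC 2021

Alias name: corpca
Entry type: trustedCertEntry
Owner: CN=Example Corp Issuing CA, O=Example
Issuer: CN=Example Corp Root CA, O=Example
Valid from: Mon Mar 01 08:30:00 CET 2021 until: Sat Mar 01 08:30:00 CET 2031
"""

if __name__ == "__main__":
    for name in ("Example API Root CA", "Example Corp Issuing CA", "Other CA"):
        print(name, "->", ca_status(SAMPLE, name, datetime(2024, 6, 1)))
```

To use it against a real keystore, redirect the output of the step 2 command to a file and pass the file's text to ca_status together with the name of the CA that issued the REST endpoint's certificate.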