
Rest API call through Policy Xpress fails with Peer not authenticated error


Article ID: 130175


Updated On:


CA Identity Manager, CA Identity Governance, CA Identity Portal


We are calling a REST-based API via Policy Xpress, and it is failing with a "Peer not authenticated" error. The same REST call made via SoapUI is successful.


Component: IDMGR


The fact that the REST call works via SoapUI but fails with "Peer not authenticated" via Policy Xpress indicates an issue with the SSL certificate used by IDM. Either no valid SSL certificate has been imported into the cacerts truststore of the JDK used by IDM, or the certificate may have expired.


To validate and import the certificate, do the following:

1. On the IDM server, confirm the value of JAVA_HOME, e.g. from standalone.bat within the <JBOSS>\bin folder. 

2. The certificate needs to have been imported to $JAVA_HOME\jre\lib\security\cacerts. You can check the certificates by running "keytool -list -v -keystore cacerts" from that folder; the "Valid from ... until" line of each entry shows whether it has expired.

3. If the necessary certificate is not contained there, or is expired, use the keytool command to import it, e.g.: keytool -importcert -file <the ca cert file> -keystore $JAVA_HOME/jre/lib/security/cacerts
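
The following Java check is an added example, not part of the original article or of the product. It lists entries in the running JVM's cacerts that are outside their validity period and, if a host and port are given, attempts a TLS handshake that trusts only that store. The class name, the host and port arguments, and the default store password "changeit" are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        // Assumptions: the store is <java.home>/lib/security/cacerts (on Java 8 this is
        // $JAVA_HOME/jre/lib/security/cacerts) and still has the default password "changeit".
        String path = Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts").toString();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, "changeit".toCharArray());
        }
        Date now = new Date();
        int invalid = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            if (now.after(x.getNotAfter()) || now.before(x.getNotBefore())) {
                invalid++;
                System.out.println("OUTSIDE VALIDITY: " + alias + " (" + x.getNotBefore() + " .. " + x.getNotAfter() + ")");
            }
        }
        System.out.println(path + ": " + ks.size() + " entries, " + invalid + " outside validity period");
        if (args.length < 2) return; // no endpoint given: offline truststore audit only
        // Handshake with the REST endpoint (args: host port), trusting only this store.
        // A certificate-path failure here points to the truststore problem described above.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[0], Integer.parseInt(args[1]))) {
            s.startHandshake();
            X509Certificate leaf = (X509Certificate) s.getSession().getPeerCertificates()[0];
            System.out.println("TRUSTED: " + leaf.getSubjectX500Principal() + ", expires " + leaf.getNotAfter());
        } catch (javax.net.ssl.SSLException e) {
            System.out.println("NOT TRUSTED: " + e.getMessage());
        }
    }
}
```

Compile and run it with the same JDK that IDM uses (the JAVA_HOME confirmed in step 1), so that java.home resolves to the cacerts file IDM actually reads.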