Rest API call through Policy Xpress fails with Peer not authenticated error

Article ID: 130175

Updated On:

Products

CA Identity Manager, CA Identity Governance, CA Identity Portal

Issue/Introduction

We are calling a REST-based API via Policy Xpress, and it is failing with a "Peer not authenticated" error. The same REST call made via SoapUI is successful.

Cause

The fact that the REST call works via SoapUI but fails with "Peer not authenticated" via Policy Xpress indicates an issue with the SSL certificate used by IDM. Either no valid SSL certificate has been imported into the cacerts truststore of the JDK used by IDM, or the certificate has expired.

Environment

Release:
Component: IDMGR

Resolution

To validate and import the certificate, do the following:

1. On the IDM server, confirm the value of JAVA_HOME, e.g. from standalone.bat within the <JBOSS>\bin folder.

2. The certificate must be present in $JAVA_HOME\jre\lib\security\cacerts. You can check the certificates by running "keytool -list -v -keystore cacerts" from that folder.

3. If the necessary certificate is not contained there, or is expired, use the keytool command to import it, e.g.: keytool -importcert -file <the ca cert file> -keystore $JAVA_HOME/jre/lib/security/cacerts
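
The check in step 2 can be automated when the cacerts listing is long. The following is an added example, not part of the original article or of any CA tooling: it parses saved output of "keytool -list -v -keystore cacerts" and reports whether a given CA is missing, expired or present. The sample listing and the CA names are constructed, and English-locale keytool output is assumed.

```python
import re
from datetime import datetime

# Constructed sample of `keytool -list -v -keystore cacerts` output (English locale).
SAMPLE = """\
Alias name: example-rest-ca
Entry type: trustedCertEntry

Owner: CN=Example REST Issuing CA, O=Example Corp
Issuer: CN=Example Root CA, O=Example Corp
Valid from: Mon Mar 04 10:00:00 UTC 2019 until: Thu Mar 04 10:00:00 UTC 2021

*******************************************

Alias name: example-root-ca
Entry type: trustedCertEntry

Owner: CN=Example Root CA, O=Example Corp
Issuer: CN=Example Root CA, O=Example Corp
Valid from: Thu Jan 02 09:00:00 UTC 2020 until: Wed Jan 02 09:00:00 UTC 2041
"""

VALID = re.compile(r"^Valid from: (.+?) until: (.+)$")

def java_date(text):
    # Java prints "EEE MMM dd HH:mm:ss zzz yyyy"; drop the zone token,
    # which strptime cannot parse portably (so results are +/- one day).
    parts = text.split()
    return datetime.strptime(" ".join(parts[:4] + parts[5:]), "%a %b %d %H:%M:%S %Y")

def parse_entries(listing):
    """Return one dict (alias, owner, not_after) per keystore entry."""
    entries, cur = [], None
    for line in (l.strip() for l in listing.splitlines()):
        if line.startswith("Alias name: "):
            cur = {"alias": line[12:]}
            entries.append(cur)
        elif cur is not None and line.startswith("Owner: "):
            cur.setdefault("owner", line[7:])
        elif cur is not None and (m := VALID.match(line)):
            cur.setdefault("not_after", java_date(m.group(2)))
    return entries

def check_trust(listing, ca_name, now):
    """'missing', 'expired' or 'ok' for the CA whose Owner contains ca_name."""
    hits = [e for e in parse_entries(listing) if ca_name in e.get("owner", "")]
    if not hits:
        return "missing"
    live = [e for e in hits if "not_after" in e and e["not_after"] > now]
    return "ok" if live else "expired"

if __name__ == "__main__":
    for name in ("Example REST Issuing CA", "Example Root CA", "Other CA"):
        print(name, "->", check_trust(SAMPLE, name, datetime.now()))
```

A result of "missing" or "expired" for the CA that issued the REST endpoint's certificate corresponds to the two causes described above and is resolved by the import in step 3.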