tomcat6 apache cxf javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

Question

I have a web application using java 7 and tomcat 6 on ubuntu 12.04. It uses apache cxf to make REST calls to a web service on a different server over https. It has been working fine until about 11am today. Then for each REST call whether GET or POST, I receive

 javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated 
 Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target errors in catalina.out.  

The certificate is in the

 jdk/jre/lib/security/cacerts 

and does not expire until 2018. When I restart tomcat the program runs fine.

Any idea what would trigger this?

Thanks in advance

Randy

Answer 1

If you are entirely certain that this is not a validity period problem with the service's certificate, here are some more situations to check for:

1. The certificate on the service side was changed so the one in cacerts is now not doing anything
2. The certificate you installed was the a system's certificate and you are now connecting to a different node due to load balancing (if so, you would need an intermediate or CA cert)
3. The service requires Mutual TLS (aka 2-way SSL) and the certificate on your side is now missing or invalid
4. A host name has changed such that the certificate(s) are no longer valid
5. Some software or configuration file has changed and now the client and service do not have SSL/TLS versions in common.