Support Article
"peer not authenticated" error when using valid NTLM credentials
SA-23078
Summary
While attempting to use operations provided by an Exchange Web Service (EWS) located on our client's network at 'https://xxx.yyy.net', the user receives a "peer not authenticated" error even though the credentials used are valid.
The user is operating within a network environment where they have access to, and authenticate successfully against, Microsoft Lync and Microsoft Outlook. The authentication error is causing a SOAP service failure and is keeping our team from being able to provide an Exchange integration for our client's application. The web service and NTLM authentication work successfully using the third-party software SoapUI.
Error Messages
peer not authenticated
Steps to Reproduce
Within a secure NTLM authenticated environment, attempt to use and access a web service that requires NTLM authentication.
Root Cause
The truststore used by the WebSphere application server is different from the one into which the user imported the required certificates.
The SystemOut logs, captured with the JVM flag -Djavax.net.debug=all, show that the WAS server is using the default Java cacerts truststore file at the location
D:\Program Files (x86)\IBM\WebSphere\AppServer\java\jre\lib\security\cacerts
However, per the custom configuration, it should be using trust.p12, where the user has imported the required certificates:
${CONFIG_ROOT}/cells/XXXNode01cell/nodes/XXXNode01/trust.p12
Resolution
The WAS SSL property configuration file is causing the server to select the wrong truststore file. After correcting the property file to choose the correct truststore, the issue is resolved.
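The check described under Root Cause can be scripted. The following is an added example, not part of the original article or of WebSphere: it scans SystemOut output for the JSSE debug line "trustStore is:" and reports any load that is not the expected trust.p12. The log line format, the sample lines, and the profile path in them are assumptions constructed for illustration.

```python
import re

# Assumed format: JSSE debug output ("trustStore is: <path>") written to
# SystemOut.log, optionally behind a WebSphere timestamp/thread prefix.
TRUSTSTORE_LINE = re.compile(r"trustStore is:\s*(?P<path>.+?)\s*$")

# Tail of the truststore path named in the article's custom configuration.
EXPECTED_SUFFIX = "cells/XXXNode01cell/nodes/XXXNode01/trust.p12"

# Constructed sample lines (not the article's real logs; D:\WAS\... is made up).
SAMPLE_LOG = r"""
[5/13/16 10:02:11:120 EDT] 00000042 SystemOut     O trustStore is: D:\Program Files (x86)\IBM\WebSphere\AppServer\java\jre\lib\security\cacerts
[5/13/16 10:02:11:121 EDT] 00000042 SystemOut     O trustStore type is: jks
[5/13/16 10:07:45:003 EDT] 00000051 SystemOut     O trustStore is: D:\WAS\profiles\AppSrv01\config\cells\XXXNode01cell\nodes\XXXNode01\trust.p12
""".strip()


def normalize(path):
    """Windows paths are case-insensitive and may use either separator."""
    return path.replace("\\", "/").lower()


def loaded_truststores(log_text):
    """Return (line_number, path) for every truststore the JVM reported loading."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        match = TRUSTSTORE_LINE.search(line)
        if match:
            hits.append((lineno, match.group("path")))
    return hits


def find_mismatches(log_text, expected_suffix):
    """Return truststore loads whose path does not end with the expected store."""
    want = normalize(expected_suffix)
    return [(n, p) for n, p in loaded_truststores(log_text)
            if not normalize(p).endswith(want)]


if __name__ == "__main__":
    for n, p in find_mismatches(SAMPLE_LOG, EXPECTED_SUFFIX):
        print(f"line {n}: unexpected truststore {p}")
```

Running the same check after correcting the property file should report no mismatches for the connection to the web service.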
Published May 13, 2016 - Updated October 8, 2020