javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

Not applicable

Hi there,

Trying to make a rest call to the following: https://api.hubapi.com/contacts/v1/lists/recently_updated/contacts/recent (with some params and my api-key)
results in a “javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated” for the last 2 days.
Call is made from a Groovy application running on tomcat7 on Ubuntu instance.
Does someone have an idea?

Thanks in advance !

0 Upvotes
5 Replies 5
Derek_Gervais
HubSpot Employee

Hi @Quent,

We recently made a change that would have switched the certificate authority that would be used for the SSL certificate at api.hubapi.com. If you’re having trouble validating the certificate, you may need to update the root CAs installed on your server.

0 Upvotes
Not applicable

Hi @Derek_Gervais,

I tried to update the certificate on the server but still get the exception.
Strange things is that it always has been working on my acceptance environment (without any changes) but not on production one.
What’s the best way to get the api certificate?
Thanks in advance,
Quentin.

0 Upvotes
Derek_Gervais
HubSpot Employee

Hi @Quent,

It’s possible that after updating the CAs, the service didn’t actually pick up on that update yet. If you haven’t already, you could try restarting the service so it’s using the updates and not the old cached CAs. It’s difficult to troubleshoot these issues since they’re very environment-specific. You can see the full chain of the certificate path up to the root CA at the link below; I’d recommend double-checking that the specific root CA is installed and up-to-date in your system.

https://www.digicert.com/help/?host=api.hubapi.com

0 Upvotes
prakashmani
Member

Hi,

 

I am randomly getting the below error. Few times, the call is successful and other times hubspot API says, I/O error on POST request for "https://api.hubapi.com/contacts/v1/contact/": peer not authenticated.

 

-Prakash

Derek_Gervais
HubSpot Employee

Hi @prakashmani,

 

This Stackoverflow topic might help here. To pull a quote from it:

Assuming the server certificate is signed by a well-known CA, this is happening
because the set of CA certificates available to a modern browser is much larger
than the limited set that is shipped with the JDK/JRE.
0 Upvotes