Error retrieving metadata: SSLPeerUnverifiedException

Cantor, Scott cantor.2 at
Thu Aug 27 21:27:57 EDT 2015

On 8/27/15, 9:18 PM, "users on behalf of Baron Fujimoto" <users-bounces at on behalf of baron at> wrote:
>>Regardless you should be verifying the signtaure on the metadata and simply set the flag to disregard the TLS connection. That's the best choice.
>Is this supported in IdPv2? I found documentation of this attribute under
>the IdPv3, but not for IdPv2. This error also suggests no:

It was called disregardSslCertificate originally, I don't know if it was ever renamed on V2. I also thought it was named disregardTlsCertificate now, not TLS.

>>If you must, you can work around the bug, apparently by setting -Djdk.tls.trustNameService=true on the JVM.
>So assuming the best choice workaround is not an option, I guess that
>leaves setting jdk.tls.trustNameService=true for the JVM?

It is an option, but only if the file is actually signed obviously. Otherwise you can either roll back to an unbroken Java or use that override.

-- Scott

More information about the users mailing list