Getting "Peer's Certificate issuer is not recognized" error while making an API call

Investigating this issue, I found that this error was thrown because the certificates in the chain were not uploaded in the proper order to the Keystore.

As explained in the link,

If you have a certificate chain, and want to use that chain in a keystore or truststore, then you can combine all of the certs into a single PEM file. The certs have to be in order and the last cert must be a root certificate or an intermediate cert signed by a root certificate as shown below:

Your Primary SSL Certificate

Intermediate Certificate

Root Certificate or Intermediate Certificate signed by a root certificate

In addition, we should also ensure the below:

• Issuer of the Intermediate certificate should be same as the Subject of the Primary Certificate
• Issuer of the next Intermediate/Root certificate should be same as the Subject of the first Intermediate Certificate
• and this continues until the last cert

Note: There can be multiple intermediate certificates in the certificate chain.

In this case, the Keystore had incorrect order of certificates as shown below:

Your Primary SSL Certificate

Intermediate Certificate 1

Root Certificate

Intermediate Certificate 2

This basically resulted in a mismatch. That is, the Issuer of Intermediate Certificate 1 did not match with the Subject of the Root Certificate, so we got the error "Peer's Certificate issuer is not recognized."

Re-uploading the certificate chain in the proper order (shown below) to the Keystore fixed the issue.

Your Primary SSL Certificate

Intermediate Certificate 1

Intermediate Certificate 2

Root Certificate