Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Connect-REST call throws error for TLSv1.2

SA-28711

Summary



PEGA 7.1.7 with Tomcat supports minimum TLS 1.0 version. The requirement is to allow minimum TLS 1.2 only. When a REST connect call is made the reported error is getting thrown.


Error Messages



Fail: Caught unhandled exception: ssl.SSLPeerUnverifiedException: peer not authenticated.
 

Steps to Reproduce

  1. Make sure Tomcat is configured for TLS 1.2 version (sslEnabledProtocols="TLSv1.2")
  2.  In REST connector wizard check there is no option to configure SSL protocol.
  3. Try to make REST call and observe it fails.
  4. Reconfigure the Tomcat to also allow TLS 1.0, the REST call works properly.
  5. Therefore Pega 7.1.7 for REST Connectors uses the default SSL protocol type


Root Cause



A defect or configuration issue in the operating environment:
  1. In REST connector (OOTB) there is no way you can configure the SSL protocol.
  2. Also, in step 4 of pyInvokeRestConnector activity (OOTB) the communication protocol is set to String protocol = "SSL"


Resolution

Perform the following local-change:

Update and save OOTB pyInvokeRestConnector activity in local ruleset and update step 4 to set

    String protocol ="SSL" 
        TO
    String protocol ="TLSv1.2" 


Note: This change makes all connectors to use the version mentioned in the above lines. In this case it was a perfect fix as only TLSv1.2 was supposed to be allowed.

 
Suggest Edit

Published October 11, 2016 - Updated October 8, 2020

Did you find this content helpful? Yes No

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us