Support Article
Connect-REST call throws error for TLSv1.2
SA-28711
Summary
Pega 7.1.7 with Tomcat supports TLS 1.0 as the minimum protocol version. The requirement is to allow TLS 1.2 as the minimum and only version. When a Connect-REST call is made, the error below is thrown.
Error Messages
Fail: Caught unhandled exception: ssl.SSLPeerUnverifiedException: peer not authenticated.
Steps to Reproduce
- Make sure Tomcat is configured for TLS 1.2 (sslEnabledProtocols="TLSv1.2").
- In the REST connector wizard, check that there is no option to configure the SSL protocol.
- Make a REST call and observe that it fails.
- Reconfigure Tomcat to also allow TLS 1.0; the REST call then works properly.
- Therefore, Pega 7.1.7 uses the default SSL protocol type for REST connectors.
Root Cause
A defect or configuration issue in the operating environment:
- The OOTB REST connector provides no way to configure the SSL protocol.
- Also, step 4 of the OOTB pyInvokeRestConnector activity sets the communication protocol with String protocol = "SSL"
Resolution
Perform the following local change: save the OOTB pyInvokeRestConnector activity into a local ruleset and update step 4, changing
String protocol = "SSL"
to
String protocol = "TLSv1.2"
Note: This change makes all connectors use the protocol version set in the lines above. In this case it was a perfect fix, as only TLSv1.2 was supposed to be allowed.
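One way to confirm the root cause on the JVM that hosts Pega, as an added example (not Pega code and not the contents of pyInvokeRestConnector): it assumes the protocol string from step 4 ends up in the standard JSSE call SSLContext.getInstance, and reports which protocol versions a client offers by default for "SSL" and for "TLSv1.2". The class name ContextProtocolCheck and the helper clientProtocols are made up for the example.

```java
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added diagnostic, not Pega code: shows what each SSLContext name
// enables for outbound (client) connections on the JRE that runs it.
public class ContextProtocolCheck {

    // Protocol versions a client-mode engine from this context enables by default.
    static List<String> clientProtocols(String contextName) throws GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance(contextName);
        ctx.init(null, null, null); // default key managers, trust managers, RNG
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(true);
        return Arrays.asList(engine.getEnabledProtocols());
    }

    public static void main(String[] args) {
        // The only version the Tomcat side accepts (sslEnabledProtocols="TLSv1.2").
        String required = "TLSv1.2";
        // "SSL" is the original step 4 value, "TLSv1.2" the value after the local change.
        for (String name : new String[] {"SSL", "TLSv1.2"}) {
            try {
                List<String> enabled = clientProtocols(name);
                List<String> older = new ArrayList<String>(enabled);
                older.remove(required);
                String verdict = enabled.contains(required)
                        ? "can negotiate " + required
                        : "handshake with a " + required + "-only server fails";
                System.out.printf("%-8s enabled=%s -> %s; other versions offered: %s%n",
                        name, enabled, verdict, older);
            } catch (GeneralSecurityException e) {
                // The context name is not provided by this JRE's security providers.
                System.out.printf("%-8s not available on this JRE (%s)%n", name, e.getMessage());
            }
        }
    }
}
```

Run it with the same JRE as the application server, since the defaults differ between Java versions. A context named TLSv1.2 can still enable older versions on the client, so the server-side sslEnabledProtocols setting remains what enforces the minimum.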
Published October 11, 2016 - Updated October 8, 2020