Connect-REST fails to connect
Summary
Connect-REST fails to connect to a service which expects Server Name Indication (SNI) during the handshake.
Exception caught during REST Connector connectivity test : Connection to service failed
com.pega.pegarules.pub.PRRuntimeException: Connection to service failed
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
Steps to Reproduce
1) Create a Connect-REST rule or use an existing one.
2) Click on "TestConnectivity".
3) Try running the actual activity which invokes the REST connector.
4) Verify the SSL debug log. The server_name extension will be missing from the ClientHello:
Extension server_name, server_name: [type=host_name (0), value=<endpointserver.com>] (this line is missing)
Root Cause
The Server Name Indication (SNI) feature is not supported until Pega 7.2.2.
This is a known issue when a service provider supports multiple host names on a given IP address and port number. In Pega 7.2.2 the Apache libraries have been upgraded, and it is not feasible to port this change to older releases.
Resolution
Perform the following local-change:
The solution is to work with the service provider to:
Change the default certificate for non-SNI clients
Provide an alternate port to access the alternate host & certificate
Upgrade to Pega 7.2.2
Published April 20, 2017 - Updated May 9, 2017