
Support Article

Error "peer not authenticated" on connect-REST request

SA-8003

Summary




The user is testing an upgrade to Pega 7.1.7 and receives the error "peer not authenticated" on a Connect-REST request. This worked with the same configuration in PRPC 6.3. The user had the same issue in PRPC 6.3 during initial development, and it was resolved by SR-114965. The resolution included installing HFIX-9286 and making configuration changes in the cloud environment as described in the PDN article "https://pdn.pega.com/security/how-to-set-up-two-way-ssl-for-soap-over-http-using-rule-connect-soap". The issue is now occurring again on PRPC 7.1.7. The configuration steps were followed as before, but we are not sure if the HFIX exists in Pega 7.1.7.

Error Messages




Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
     at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
     at com.pega.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
     at com.pega.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:398)
     at com.pega.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:496)
     at com.pega.apache.http.conn.scheme.SchemeSocketFactoryAdaptor.connectSocket(SchemeSocketFactoryAdaptor.java:62)
     at com.pega.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
     at com.pega.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
     at com.pega.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
     at com.pega.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:573)
     at com.pega.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
     at com.pega.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:825)
     at com.pega.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:759)
     at com.pegarules.generated.activity.ra_action_pyinvokerestconnector_ea5a601f5c30c4d8bb2e5da269e20397.step5_circum0(ra_action_pyinvokerestconnector_ea5a601f5c30c4d8bb2e5da269e20397.java:1276)

Steps to Reproduce



1) Submit connect-REST request to https URL of service.

Root Cause



The root cause of this problem is a defect or misconfiguration in the PRPC operating environment.

In Pega 7, security improvements were made to Connect-REST rules so that they run under a SecurityManager and SSLSocketFactory from within the Pega application rather than resorting to the underlying JDK’s SecurityManager and SSLSocketFactory.

Resolution



This issue is resolved through the following local change:
 
  1. FTP or download the following KeyStore file from the server, under the following file system path, to your Windows environment
  2. FTP or download the following TrustStore file from the server, under the following file system path, to your Windows environment
  3. Log in to PRPC DesignerStudio and create new “KeyStore” and “TrustStore” rules using the following details, and upload the corresponding files from steps 1 and 2 above. Save and check in the rules.
    1. KeyStore –
      1. Keystore type – JKS
      2. Keystore password – keystorepassword
      3. Upload File – keystore.file
    2. Truststore –
      1. Keystore type – JKS
      2. Keystore password – truststorepassword
      3. Upload File – truststore.file
  4. Open the Connect-REST rule form and specify the Truststore and Keystore created above in the “Security settings” section under the “Service” tab. Save and check in the rule.
  5. Restart the PRPC JVMs.
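
Before uploading the files in step 3, the two stores can be checked outside PRPC with a plain JDK client that uses only those files for the handshake, as Connect-REST does once the rules are attached. This is an added example, not Pega code: the class name StoreCheck and the host and port arguments are assumptions, the file names and passwords are the article's placeholders, and the private key password is assumed to equal the keystore password.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class StoreCheck {
    // Load a JKS file and list its aliases with the kind of entry each one holds.
    static KeyStore load(String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pw); // fails here on a wrong password or a non-JKS file
        }
        for (String alias : Collections.list(ks.aliases())) {
            System.out.printf("%s: %s -> %s%n", path, alias,
                ks.isKeyEntry(alias) ? "private key entry" : "trusted certificate");
        }
        return ks;
    }

    // Usage: java StoreCheck <host> <port>   (endpoint of the REST service)
    public static void main(String[] args) throws Exception {
        char[] keyPw = "keystorepassword".toCharArray();     // placeholder from the article
        char[] trustPw = "truststorepassword".toCharArray(); // placeholder from the article
        KeyStore keys = load("keystore.file", keyPw);     // should hold a private key entry
        KeyStore trust = load("truststore.file", trustPw); // should hold the server's CA chain

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPw); // assumption: key password equals store password
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        // Context built only from the two files, not from the JDK's default cacerts.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory()
                .createSocket(args[0], Integer.parseInt(args[1]))) {
            s.startHandshake(); // throws SSLHandshakeException if the server chain is not trusted
            for (Certificate c : s.getSession().getPeerCertificates()) {
                System.out.println("server presented: " + ((X509Certificate) c).getSubjectX500Principal());
            }
        }
    }
}
```

If the handshake succeeds here but the connector still fails, the files are sound and the rule configuration in step 4 is the place to look.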

Published January 31, 2016 - Updated October 8, 2020
