Support Article
Gateway test connectivity is good but shows Invalid Certificates
SA-31760
Summary
User is on Pega 7.1.9 and using Internet Application Composer (IAC) 7.1 which is shipped by default from media.
User updated web.xml in the war file to update the path of the keystore.
After updating the keystore path, Gateway console test connectivity to host node is good, but shows Invalid Certificates on the Host URL.
Invalid certificate error in Pega Host URL on host configuration page of web mashup configuration.
Error Messages
After enabling SSL debug logs one can see below exceptions in the server logs:
13:59:04,314 INFO [com.pega.pegarules.gateway] (http-/0.0.0.0:8443-1) Got Certificates for https://......./prweb/PRServlet [Ljava.security.cert.Certificate;@d78cae4
13:59:04,315 SEVERE [com.pega.pegarules.gateway] (http-/0.0.0.0:8443-1) Exception in getting certificates from https://...../prweb/PRServlet String index out of range: -1
13:59:04,316 STDERR [stderr] (http-/0.0.0.0:8443-1) java.lang.StringIndexOutOfBoundsException: String index out of range: -1
13:59:04,317 STDERR [stderr] (http-/0.0.0.0:8443-1) at java.lang.String.substring(String.java:1967)
Steps to Reproduce
1)Configure SSL handshake in the server.
2)Configure prgateway in the server and on host configuration landing page enter the https URL for host.
3) Observe invalid certificate error on click of red icon.
Root Cause
Single entry case of a certificate either CN or OU was not handled.
Resolution
Apply HFix-30842.
Published January 5, 2017 - Updated October 8, 2020
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.