Support Article
Not able to import/connect remotely using DevOps scripts
SA-51371
Summary
Using prpcServiceUtils to connect remotely to a Pega environment running on a WebLogic server to import JARs works correctly over an HTTP endpoint but fails over HTTPS.
Error Messages
Error 1:
REQUEST_EXECUTION_ERROR com.pega.pegarules.serviceclient.exception.PRPCServiceException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Error 2:
javax.net.ssl.SSLPeerUnverifiedException: Host name 'your_pega_server_host' does not match the certificate subject provided by the peer (CN=your_cn_NOT_matching_pega_server_host, OU=<ou>, O="<O>", L=San jose, ST=California, C=US)
Steps to Reproduce
1. Copy prpcServiceUtils_73.jar to a folder in the Pega stage.
2. Give all the permissions to the user.
3. Configure prpcServiceUtils.properties with the target Pega URL, user ID, and password.
Also update the file with the name of the JAR to be imported.
4. Execute prpcServiceUtils.sh in Unix.
Root Cause
A defect or configuration issue in the operating environment.
The WebLogic server is configured with a custom trust keystore containing custom trust certificates.
Resolution
prpcServiceUtils does not allow ignoring hostname verification. Either map the REST call made by prpcServiceUtils to another tool that allows SSL communication when the hostname does not match the public certificate's CN, or update your certificates so that the CN matches the hostname.
For Error 1, modify prpcUtilsWrapper.xml to specify the appropriate trust keystore.
For Error 2, make sure the Pega server host name matches the public certificate's CN.
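To tell the two errors apart before changing the trust keystore or reissuing a certificate, the following diagnostic can help. It is an added example, not Pega's code and not part of prpcServiceUtils. Assumptions: all function names are hypothetical, `cafile` is a PEM file holding the CA certificates the client is meant to trust, and name matching uses subjectAltName DNS entries first with the CN as fallback, which goes beyond the CN-only case described above.

```python
import socket
import ssl

# OpenSSL verify codes exposed as ssl.SSLCertVerificationError.verify_code
UNTRUSTED_CHAIN = {18, 19, 20, 21}  # self-signed, or issuer not in the trust store
HOSTNAME_MISMATCH = 62
# Constructed sample in getpeercert() form, using the article's placeholder CN
SAMPLE_CERT = {"subject": ((("commonName", "your_cn_NOT_matching_pega_server_host"),),)}


def classify(verify_code):
    """Map an OpenSSL verify code to the article's Error 1 / Error 2."""
    if verify_code in UNTRUSTED_CHAIN:
        return "Error 1: issuing CA missing from the client trust store"
    if verify_code == HOSTNAME_MISMATCH:
        return "Error 2: certificate names do not cover the host name"
    return "other verification failure (code %d)" % verify_code


def cert_names(cert):
    """DNS names from a getpeercert()-style dict: SAN first, CN as fallback."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def hostname_matches(cert, host):
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    host = host.lower().rstrip(".")
    for name in cert_names(cert):
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False


def diagnose(host, port, cafile):
    """Handshake with full verification against cafile only; report the outcome."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=10) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "OK: chain trusted and host name matches"
    except ssl.SSLCertVerificationError as exc:
        return classify(exc.verify_code)
```

OpenSSL validates the chain before the host name, so a server with both problems reports Error 1 first; rerun `diagnose` after fixing the trust store.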
Published May 7, 2018 - Updated October 8, 2020