Support Article
R-C-SOAP SSL CertPathValidatorException: signature check failed
SA-4034
Summary
Error in Production PegaRULES log file.
Error Messages
1) javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
2014-11-13 23:42:48,003 [127.0.0.1-11009-4] [TABTHREAD3] [ CMCLS:03.10.01] (ngineinterface.service.HttpAPI) ERROR <IP>: com.pega.pegarules.pub.PRRuntimeError
com.pega.pegarules.pub.PRRuntimeError: PRRuntimeError
at com.pega.pegarules.session.internal.mgmt.base.ThreadRunner.runActivitiesAlt(ThreadRunner.java:686)
at com.pega.pegarules.session.internal.mgmt.PRThreadImpl.runActivitiesAlt(PRThreadImpl.java:582)
at com.pega.pegarules.session.internal.engineinterface.service.HttpAPI.runActivities(HttpAPI.java:1968)
at com.pega.pegarules.session.external.engineinterface.service.EngineAPI.processRequestInner(EngineAPI.java:399)
at sun.reflect.GeneratedMethodAccessor73.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.pega.pegarules.session.internal.PRSessionProviderImpl.doWithRequestorLocked(PRSessionProviderImpl.java:1000)
at com.pega.pegarules.session.internal.PRSessionProviderImpl.doWithRequestorLocked(PRSessionProviderImpl.java:730)
at com.pega.pegarules.session.external.engineinterface.service.EngineAPI.processRequest(EngineAPI.java:333)
at com.pega.pegarules.session.internal.engineinterface.service.HttpAPI.invoke(HttpAPI.java:667)
at com.pega.pegarules.session.internal.mgmt.Executable.doActivity(Executable.java:3520)
at com.pega.pegarules.session.internal.mgmt.base.ThreadRunner.runActivitiesAlt(ThreadRunner.java:620)
... 55 more
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: decrypt_error
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1720)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:954)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:632)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at com.pega.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:94)
at com.pega.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:496)
... 78 more
Steps to Reproduce
1. Log in as user.
2. Click "New" button to launch new case list and work flow (View that some work types are missing).
3. Try to search for a case ID. SSLHandshake / decrypt error exceptions are received.
4. Invoke a SOAP call, notice the fail message with SSL exception error message.
Root Cause
Servers where the SOAP service is hosted was recently moved to new hardware and there was certification problem in the new box.
Resolution
There are couple of options to resolve the problem.
- Fix the certification problem with the new box or system.
- Revert the changes and go back to the old system or box.
Published January 31, 2016 - Updated October 8, 2020
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.