Support Article
Search column error projected as Peer not aunthicated
SA-8243
Summary
Pega Search functionality in a multinode environment fails due to an exception.
Error Messages
Caught unhandled exception: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.ibm.jsse2.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:169)
at com.pega.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at com.pega.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:398)
at com.pega.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:496)
at com.pega.apache.http.conn.scheme.SchemeSocketFactoryAdaptor.connectSocket(SchemeSocketFactoryAdaptor.java:62)
at com.pega.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
at com.pega.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
at com.pega.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
at com.pega.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:573)
at com.pega.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
at com.pega.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at com.pega.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
Steps to Reproduce
Configure Search URL over https and perform search such that PRPC node 1 requires to retrieve results from secondary PRPC node2 over https.
Root Cause
The root cause of this problem is defect/misconfiguration in the operating environment.
For PRPC to retieve search results over HTTPS, correct trust certificates must be installed in JDK's default cacerts TrustStore.
Resolution
This issue is resolved by making the following change to the operating environment:
Install appropriate trust and root certificates in JDK's cacerts TrustStore. You can also specify another trustStore via javax.net.ssl.trustStore JVM custom property.
Published January 31, 2016 - Updated October 8, 2020
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.