Support Article

SOAP service SSL handshake exception after upgrade

SA-38482

Summary



After upgrading from PRPC 6.2 SP2 to Pega 7.1.8, the user receives an SSL handshake exception when the Pega application tries to connect to a SOAP service through 2-way SSL.

The connection works if the user configures the keystore at the Connect SOAP rule level.


The user expects Pega to use the keystore and truststore defined at the app server level, because adding them at the rule level adds maintenance overhead.

Also, the certificate configuration on the new JVMs is exactly the same as on the old ones.


Error Messages

com.pega.pegarules.pub.services.ResourceUnavailableException: SOAP service failed
at com.pegarules.generated.activity.ra_action_invokeaxis2_cdd586d01b69514b059db779bf17ef96.step15_circum0(ra_action_invokeaxis2_cdd586d01b69514b059db779bf17ef96.java:3990)
...
...
Caused by:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.ibm.jsse2.p.a(p.java:21)
at com.ibm.jsse2.p.a(p.java:13)
at com.ibm.jsse2.SSLSocketImpl.b(SSLSocketImpl.java:667)


Steps to Reproduce



Connect to a SOAP service through 2-way SSL without rule-level keystore and truststore values in the WS security profile.


Root Cause



A defect in Pegasystems’ code or rules.

The SSLUtils module is not reading the truststore and keystore from the WebSphere application server cell level.
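
To check whether the handshake_failure alert comes from the client presenting no certificate, the handshake can be repeated outside Pega with and without an explicit keystore. The following Java class is an added example, not Pega or hotfix code; the class name MutualTlsCheck, the KEYSTORE_PASSWORD variable and the command-line arguments are assumptions, and run stand-alone it uses the JVM's default stores, not WebSphere's cell-level configuration.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

// Added diagnostic (not Pega code). Usage: java MutualTlsCheck <host> <port> <keystore-file>
// The keystore password is read from the KEYSTORE_PASSWORD environment variable (hypothetical name).
public class MutualTlsCheck {
    // Context that presents the client key from an explicit keystore file,
    // or no client certificate at all when keyStorePath is null.
    static SSLContext context(String keyStorePath, char[] password) throws Exception {
        KeyManager[] keyManagers = new KeyManager[0]; // empty array: no client key material
        if (keyStorePath != null) {
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            try (FileInputStream in = new FileInputStream(keyStorePath)) {
                ks.load(in, password);
            }
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, password);
            keyManagers = kmf.getKeyManagers();
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(keyManagers, null, null); // null trust managers: JVM default truststore
        return ctx;
    }

    // Attempt one handshake and report whether a client certificate was sent.
    static String handshake(SSLContext ctx, String host, int port) {
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            socket.startHandshake();
            java.security.cert.Certificate[] sent = socket.getSession().getLocalCertificates();
            return "OK, client certificates sent: " + (sent == null ? 0 : sent.length);
        } catch (Exception e) {
            return "FAILED: " + e; // e.g. SSLHandshakeException: Received fatal alert: handshake_failure
        }
    }

    public static void main(String[] args) throws Exception {
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        String pw = System.getenv("KEYSTORE_PASSWORD");
        char[] password = pw == null ? new char[0] : pw.toCharArray();
        System.out.println("JVM default context : " + handshake(SSLContext.getDefault(), host, port));
        System.out.println("no client key       : " + handshake(context(null, null), host, port));
        System.out.println("explicit keystore   : " + handshake(context(args[2], password), host, port));
    }
}
```

If only the "explicit keystore" line reports OK with a certificate sent, the failure is missing client key material rather than a trust or protocol mismatch. With TLS 1.3 a server may report a missing client certificate only on the first read after the handshake, so an OK result with 0 certificates sent against a server that requires client authentication still points to missing key material.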

Resolution



Apply HFix-34655 to resolve the issue.

Published May 24, 2017 - Updated June 9, 2017
