Support Article

SSLPeerUnverifiedException for Connect-REST

SA-27981

Summary



The user configured two-way SSL between Pega and another system.

The two sides exchanged certificates, and the certificate of the service being connected to (KYC) was configured in WebSphere's trust store (container-managed certificate in the trust store).

The user was getting javax.net.ssl.SSLPeerUnverifiedException in the logs, and the test connection failed.

Error Messages



com.pega.pegarules.pub.services.ConnectorException: Caught unhandled exception: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.pegarules.generated.activity.ra_action_pyinvokerestconnector_ea5a601f5c30c4d8bb2e5da269e20397.step5_circum0(ra_action_pyinvokerestconnector_ea5a601f5c30c4d8bb2e5da269e20397.java:1678)
at com.pegarules.generated.activity.ra_action_pyinvokerestconnector_ea5a601f5c30c4d8bb2e5da269e20397.perform(ra_action_pyinvokerestconnector_ea5a601f5c30c4d8bb2e5da269e20397.java:137)
at com.pega.pegarules.session.internal.mgmt.Executable.doActivity(Executable.java:3375)
at com.pegarules.generated.activity.ra_action_invoke_6a91441c4f6e5048b63360383ae1b952.step7_circum0(ra_action_invoke_6a91441c4f6e5048b63360383ae1b952.java:1002)
at com.pegarules.generated.activity.ra_action_invoke_6a91441c4f6e5048b63360383ae1b952.perform(ra_action_invoke_6a91441c4f6e5048b63360383ae1b952.java:172)


Steps to Reproduce



1) Create a Connect-REST rule to connect with a system (KYC) using JSON.
2) Ensure that the endpoint URL is secured and starts with HTTPS.
3) Ensure that the KYC's certificate is configured in the trust store of Pega's WebSphere app server.
4) Make sure that the WebSphere app server's certificate is configured in the KYC's JBOSS server as well.
5) Test the connection. Observe the javax.net.ssl.SSLPeerUnverifiedException.


Root Cause



Pega supports two-way SSL for all Connectors that support SSL in any form.

Pega has not exhaustively tested two-way SSL for every Connector type that supports it on every available platform, but there is no known limitation that would prevent it from working if configured correctly.

The cause was a defect or configuration issue in the operating environment: the private key password inside the keystore was incorrect.

Resolution



Check whether the private key password and the keystore password are the same or different.
Try using the same password for the keystore and the private key.

 

Published October 13, 2016 - Updated October 8, 2020

