SSLPeerUnverifiedException for Connect-REST
The user has configured two-way SSL between Pega and another system.
They exchanged certificates and the certificate of the Service that they were going to connect to (KYC) was configured in WebSphere's Trust Store (Container-Managed Certificate in Trust Store).
The user gets javax.net.ssl.SSLPeerUnverifiedException in the logs, and the test connection fails.
com.pega.pegarules.pub.services.ConnectorException: Caught unhandled exception: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
Steps to Reproduce
1) Create a connect-REST Rule to connect with a System (KYC) using JSON.
2) Ensure that the End-point URL is secured and starts with HTTPS.
3) Ensure that the KYC's Certificate is Configured in Pega's WebSphere App Server's Trust Store.
4) Make sure that the WebSphere App Server's Certificate is Configured in the KYC's JBOSS Server as well.
5) Test the connection. Observe the javax.net.ssl.SSLPeerUnverifiedException.
Pega supports two-way SSL for all Connectors that support SSL in any form.
Pega has not exhaustively tested two-way SSL for every Connector type that supports it on every available platform, but there is no known limitation that would prevent it from working if it is configured correctly.
A defect or configuration issue in the operating environment. The private key password was incorrect inside the keystore.
Check whether the private key password and the keystore password are the same or different.
Try using the same password for the keystore and the private key.
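One way to carry out the password check above, as an added example that is not Pega or WebSphere code: a small Java program that loads the keystore with the keystore password and then tries to recover each key entry with the private key password. The class name KeyPasswordCheck and its two arguments (keystore file and keystore type) are assumptions for illustration.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;
import java.util.Collections;

// Added example, not Pega or WebSphere code.
// Usage: java KeyPasswordCheck <keystore-file> <type: JKS|JCEKS|PKCS12>
public class KeyPasswordCheck {

    // True if the key stored under alias can be recovered with keyPass.
    static boolean keyRecoverable(KeyStore ks, String alias, char[] keyPass) throws Exception {
        try {
            return ks.getKey(alias, keyPass) != null;
        } catch (UnrecoverableKeyException e) {
            return false; // key password does not match this entry
        }
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive terminal): KeyPasswordCheck <keystore> <type>");
            System.exit(2);
        }
        // Prompt instead of taking passwords as arguments, so they stay out of shell history.
        char[] storePass = console.readPassword("Keystore password: ");
        char[] keyPass = console.readPassword("Private key password: ");

        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass); // throws IOException if the keystore password is wrong
        }

        System.out.println("Passwords identical: " + Arrays.equals(storePass, keyPass));
        boolean allOk = true;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue; // skip trusted-certificate entries
            boolean ok = keyRecoverable(ks, alias, keyPass);
            allOk &= ok;
            System.out.println(alias + ": key " + (ok ? "recoverable" : "NOT recoverable"));
        }
        Arrays.fill(storePass, '\0'); // clear password material from memory
        Arrays.fill(keyPass, '\0');
        System.exit(allOk ? 0 : 1);
    }
}
```

An entry reported as NOT recoverable means the private key password supplied does not match the one protecting that entry, which is the condition named in the root cause above.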
Published October 13, 2016 - Updated October 8, 2020