Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

SSLPeerUnverifiedException invokes Rest service from Pega



Invoking a Connect-Rest rule for an SSL enabled Rest service fails.

Error Messages

Caused by: peer not authenticated
at com.pega.apache.http.conn.ssl.AbstractVerifier.verify(
at com.pega.apache.http.conn.ssl.SSLSocketFactory.connectSocket(
at com.pega.apache.http.conn.ssl.SSLSocketFactory.connectSocket(
at com.pega.apache.http.conn.scheme.SchemeSocketFactoryAdaptor.connectSocket(
at com.pega.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(
at com.pega.apache.http.impl.client.DefaultRequestDirector.tryConnect(
at com.pega.apache.http.impl.client.DefaultRequestDirector.execute(
at com.pega.apache.http.impl.client.AbstractHttpClient.execute(
at com.pega.apache.http.impl.client.AbstractHttpClient.execute(
at com.pegarules.generated.activity.ra_action_pyinvokerestconnector_ea5a601f5c30c4d8bb2e5da269e20397.step5_circum0(
... 64 more

Steps to Reproduce

Invoke Connect-Rest service from Pega application.

Root Cause

A defect or configuration issue in the operating environment. The certificates needed to access the Rest service were not installed in the application server truststore.

When a user has a Connector rule for an HTTP-based protocol such as HTTP, SOAP, REST, and sometimes Email, the user may point to an SSL-enabled ("HTTPS") endpoint. The service that is connected will provide an SSL certificate to identify itself and secure the connection.

PRPC relies on the Application Server to "trust" the certificate that another service provided. When PRPC is deployed in tomcat, this usually means that the default java trust store is in use. IBM Websphere has its own trust store, controlled in the Admin Console.

When the certificate provided by a service is not in the trust store, or otherwise not trusted (for instance, it is out-of-date or issued to a different organization), PRPC cannot complete the connection and an exception such as "Peer not authenticated" results.

It is the responsibility of the user to ensure that the application server's trust store is set up correctly.


Make the following change to the operating environment:

Add the required certificates to the application server truststore.

Published January 31, 2016 - Updated October 8, 2020

Was this useful?

0% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us