Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Unable to establish SSL connection in endpoint for PEGA IAC

SA-18997

Summary



When SSL encryption is implemented in a Pega application with load balancing functioning on https access, the SSL endpoint of an IAC gadget returns a null pointer error during connection test. 


Error Messages



org.apache.jasper.JasperException: An exception occurred processing JSP page /webwb/testConnect.jsp at line 20

17: }else{
18: validCertificates=true;
19: }
20: certificatesFound = com.pega.pegarules.gateway.util.GatewayAdminUtils.checkCertificates(url);
21: }
22: boolean isConnected = com.pega.pegarules.gateway.util.GatewayAdminUtils.checkConnectivity(url);
23: if(isConnected){

java.lang.NullPointerException
com.pega.pegarules.gateway.util.GatewayAdminUtils.checkCertificates(GatewayAdminUtils.java:714)
org.apache.jsp.webwb.testConnect_jsp._jspService(testConnect_jsp.java:81)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
sun.reflect.GeneratedMethodAccessor28.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:606)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:277)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:274)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:536)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:309)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:169)


Steps to Reproduce



Enter the SSL URL (https://...) for the PRPC in the IAC Host Configuration and perform a "test connection".


Root Cause



An issue in the custom application. After implementing the SSL, user did not imported the root certificated in the  /WEB-INF/lib/prgateway.jks.
Also as per Customer organization policy, they are not allowed to import certificates into any non organizational specific keystore
 

Resolution



One can use either the shipped /WEB-INF/lib/prgateway.jks with IAC or any custom keystore in .jks format only. 

To use custom .jks file with location and password, edit the prgateway "\WEB-INF\web.xml" and set the "GatewayKeyStoreFile" location and "GatewayKeyStorePassword" as per you standard key store location and password as follows:

<init-param>
<param-name>GatewayKeyStoreFile</param-name>
<param-value>/WEB-INF/lib/prgateway.jks</param-value>
</init-param>

<init-param>
<param-name>GatewayKeyStorePassword</param-name>
<param-value>changeit</param-value>
</init-param>


Change the above two parameters "GatewayKeyStoreFile " and "GatewayKeyStorePassword". I have used a custom keystore as "mykeystore.jks" and location as "C:\mykeystore". The password I have used as "mypassword". It is up to your choice if you want to place the keystore in the war file or outside.

</init-param>
<init-param>
<param-name>GatewayKeyStoreFile</param-name>
<param-value>C:\mykeystore\keystore.jks</param-value>
</init-param>

<init-param>
<param-name>GatewayKeyStorePassword</param-name>
<param-value>mypassword</param-value>
</init-param>

After appending these changes, restart the Application server, where IAC is installation is required. 
Suggest Edit

Published January 31, 2016 - Updated October 8, 2020

Did you find this content helpful? Yes No

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us