Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Upon quick search, certificate Chaining Error is getting thrown

SA-37285

Summary



The user is unable to search the work object from the search bar.


Error Messages



Error on the UI:

** Singleton: Set Initialization/UniqueActivityTerminateExceptions for unique exceptions

Log entries:

2017-02-24 08:52:40,093 [ WebContainer : 10] [OpenPortal] [your_app:01.01.01] (ility.CPM_Search_Result.Action) ERROR _yourHost|_yourIP _yourUser - Search failed due to problems connecting to the search SOAP service. Please review the Data-Admin-System-Setting for 'SearchSoapURI' to ensure a valid endpoint URL, or try again after some time.

Upon enabling logger in InvokeAxis2, found the following entries:

2017-03-22 14:55:58,386 [ WebContainer : 1] [OpenPortal] [DMBNAAD_BAU:01.01.01] (Axis2.Rule_Connect_SOAP.Action) ERROR _yourHost|_yourIP _yourUser|Rule-Connect-SOAP.Data-Find-Search.pzConnectLuceneSearch majuma3 - Invoke Axis 2: Meesage com.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=_yourUser, OU=Root Certificate, OU=your01_cell, OU=your01_dmgr, O=_yourCompany, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error


Steps to Reproduce

  1. Search any work object in the search text box.
  2. Expected result: Work object is displayed
  3. Actual result: 'No matching data is found'


Root Cause



A defect or configuration issue in the operating environment:

Based on the error it looks like two nodes are not able to communicate as it is on HTTPS. In the past, as per SA article SA-107, a similar issue was resolved by giving Pega the necessary trust keystore inside pzConnectLuceneSearchWork Connect-SOAP rule. Since this Rule is final, a hotfix is required to make this rule available so that it can be modified to suit user's SSL handshake requirements.

Resolution

  1. Install the HFIX-9559.
  2. Restart the server
  3. Install the HFIX-9627.
  4. Restart the server
  5. Test the changes

Changes in the HFIX-9627 are:

pyConnectLuceneSearchWork gets added as available which internally replaces the final pzConnectLuceneSearchWork rule.

After the hotfixes are install, under the advance tab of pyConnectLuceneSearchWork rule, add the security profile in order to make the keystore / certificates available for the handshake.

Tags:

Pega Platform Pega Platform 6.2 SP2 Data Integration

Published May 6, 2017 - Updated October 8, 2020

Was this useful?

100% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Visit the Collaboration Center

Did you find this content helpful?

Yes
No

Want to help us improve this content?
Suggest an edit

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us