Certificate chaining error thrown on quick search
Summary
The user is unable to search for a work object from the search bar.
Error on the UI: ** Singleton: Set Initialization/UniqueActivityTerminateExceptions for unique exceptions
2017-02-24 08:52:40,093 [ WebContainer : 10] [OpenPortal] [your_app:01.01.01] (ility.CPM_Search_Result.Action) ERROR _yourHost|_yourIP _yourUser - Search failed due to problems connecting to the search SOAP service. Please review the Data-Admin-System-Setting for 'SearchSoapURI' to ensure a valid endpoint URL, or try again after some time.
After enabling the logger for InvokeAxis2, the following entries were found:
2017-03-22 14:55:58,386 [ WebContainer : 1] [OpenPortal] [DMBNAAD_BAU:01.01.01] (Axis2.Rule_Connect_SOAP.Action) ERROR _yourHost|_yourIP _yourUser|Rule-Connect-SOAP.Data-Find-Search.pzConnectLuceneSearch majuma3 - Invoke Axis 2: Meesage com.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=_yourUser, OU=Root Certificate, OU=your01_cell, OU=your01_dmgr, O=_yourCompany, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
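The nested causes in the entries above can be pulled apart mechanically to confirm that this is a trust failure and to identify which issuer is missing from the trust store. The following Python script is an added example, not Pega code; the function names are hypothetical, and the sample input is the log entry from this article with its placeholders kept.

```python
import re

# Constructed sample: the Rule-Connect-SOAP log entry from this article, placeholders kept.
SAMPLE_LOG = """\
2017-03-22 14:55:58,386 [ WebContainer : 1] [OpenPortal] [DMBNAAD_BAU:01.01.01] (Axis2.Rule_Connect_SOAP.Action) ERROR _yourHost|_yourIP _yourUser|Rule-Connect-SOAP.Data-Find-Search.pzConnectLuceneSearch majuma3 - Invoke Axis 2: Meesage com.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=_yourUser, OU=Root Certificate, OU=your01_cell, OU=your01_dmgr, O=_yourCompany, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
"""

CAUSE_SPLIT = re.compile(r";\s*internal cause is:\s*")
EXC = re.compile(r"((?:[a-z_][\w$]*\.)+[A-Z]\w*Exception):\s*(.*)", re.S)
ISSUER = re.compile(r"certificate issued by (.+?) is not trusted")
RULE = re.compile(r"\|(Rule-Connect-SOAP\.[\w.-]+)")

def cause_chain(entry):
    """Return (exception class, message) pairs for one log entry, outermost first."""
    chain = []
    for part in CAUSE_SPLIT.split(entry.strip()):
        m = EXC.search(part)
        if m:
            chain.append((m.group(1), m.group(2).strip()))
    return chain

def parse_dn(dn):
    """Split a distinguished name into (attribute, value) pairs; escaped commas stay in the value."""
    return [tuple(rdn.split("=", 1)) for rdn in re.split(r"(?<!\\),\s*", dn)]

def triage(entry):
    """Summarise a connector failure: which rule, whether trust failed, and for which issuer."""
    chain = cause_chain(entry)
    issuer = next((m.group(1) for _, msg in chain if (m := ISSUER.search(msg))), None)
    rule = RULE.search(entry)
    return {
        "connector": rule.group(1) if rule else None,
        "trust_failure": issuer is not None or "PKIX path building failed" in entry,
        "untrusted_issuer": parse_dn(issuer) if issuer else None,
        "root_cause": chain[-1][1] if chain else None,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The issuer DN it reports identifies the certificate that the keystore used for the handshake needs to trust.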
Steps to Reproduce
- Search any work object in the search text box.
- Expected result: Work object is displayed
- Actual result: 'No matching data is found'
Root Cause
A defect or configuration issue in the operating environment:
Based on the error, it appears that the two nodes are unable to communicate because the communication is over HTTPS. In the past, as per SA article SA-107, a similar issue was resolved by giving Pega the necessary trust keystore inside the pzConnectLuceneSearchWork Connect-SOAP rule. Because this rule is final, a hotfix is required to make the rule available so that it can be modified to suit the user's SSL handshake requirements.
Changes in HFIX-9627: pyConnectLuceneSearchWork is added as available, which internally replaces the final pzConnectLuceneSearchWork rule.
- Install the HFIX-9559.
- Restart the server
- Install the HFIX-9627.
- Restart the server
- Test the changes
After the hotfixes are installed, under the Advanced tab of the pyConnectLuceneSearchWork rule, add the security profile to make the keystore / certificates available for the handshake.
Published April 28, 2017 - Updated May 5, 2017