Posted: 1 Mar 2017 12:52 EST Last activity: 23 Mar 2017 15:17 EDT
Connect-rest , one way SSL , Caught unhandled exception: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
I am invoking Connect-REST to call the REST service enabled with HTTPS one-way SSL. I have got the .cer file from the service provider, and I created the keystore.jks file using keytool -importcert -file service.cer -keystore keystore.jks -alias "Alias".
After that I created the keystore rule in Pega, uploaded the keystore.jks file, and referred to the keystore rule in the Connect-REST rule. But I am getting: Caught unhandled exception: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated.
Please provide me the remediation steps to fix this issue. Am I missing any steps that need to be performed?
Could you please confirm: is it one-way or two-way authentication?
To verify whether two-way SSL is configured in IBM WebSphere, go to the SOAP endpoint (server) WebSphere console, under SSL certificate and key management > SSL configurations > NodeDefaultSSLSettings > Quality of protection (QoP) settings. Client authentication should be set to "Required"; if it is set to "None", then it is one-way SSL.
Once the SSL connection type has been determined to be one-way SSL, enable DEBUG on the classes below:
1. Add the "-Djava.net.debug=all" JVM argument to print all the transactions during the SSL handshake.
2. Enable DEBUG on the Pega package "com.pega.pegarules.integration.engine.internal.ssl.SSLUtils.java".
One of the possibilities for the error is that one of the certificates in the certificate chain is missing, which can be verified from the SSL debug logs.
The certificate chain includes the root, intermediate and CA (Certificate Authority) certificates.
SSL debug has to be set at the JVM level, and the parameters and process depend on the application server in use.
Once the debug logs are collected, verify them to find the missing certificate and add it to the trust store, either at the application level, the application server level, or the JVM level (the CA certs file).
Try the above approach; if you are not able to resolve the issue, kindly raise an SR with Pega Support, providing the above details.
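The answer's main lead, a certificate missing from the chain, can be reproduced offline. The script below is an added example, not code from the original thread or from Pega: it builds a constructed root CA, intermediate CA and service certificate with openssl, then runs openssl verify (a stand-in for the JVM's chain validation; its trust rules are not identical to Java's PKIX validator) against three truststore contents: the service .cer alone, as the question describes; the root CA alone, with no intermediate available; and the root CA with the intermediate supplied as the server would send it during the handshake. The names service.example.com, Example Root CA and Example Issuing CA, and the working directory, are assumptions for the demo. One caveat on the debug step above: the JSSE property that prints the handshake is -Djavax.net.debug=all (note the x in javax).

```shell
#!/bin/sh
# Added example (not from the original thread): reproduce the "missing
# certificate in the chain" failure with a constructed root -> intermediate
# -> service chain, then check which truststore contents validate it.
# Subject names and the working directory are assumptions for the demo.
set -e

WORK="${WORK:-$(mktemp -d)}"

# issue_cert NAME SUBJECT EXTFILE [ISSUER]
# Creates a key and CSR for NAME and signs it with ISSUER's key, or
# self-signs it when ISSUER is empty (the root CA).
issue_cert() {
    name=$1; subject=$2; ext=$3; issuer=$4
    openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/$name.key" \
        -out "$WORK/$name.csr" -subj "$subject" >/dev/null 2>&1
    if [ -z "$issuer" ]; then
        openssl x509 -req -in "$WORK/$name.csr" -signkey "$WORK/$name.key" \
            -days 365 -extfile "$ext" -out "$WORK/$name.pem" >/dev/null 2>&1
    else
        openssl x509 -req -in "$WORK/$name.csr" -CA "$WORK/$issuer.pem" \
            -CAkey "$WORK/$issuer.key" -CAcreateserial -days 365 \
            -extfile "$ext" -out "$WORK/$name.pem" >/dev/null 2>&1
    fi
}

# build_chain: constructed three-level chain standing in for what a real
# service provider would hand out (only the leaf .cer, in the question).
build_chain() {
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > "$WORK/ca.ext"
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:service.example.com\n' \
        > "$WORK/leaf.ext"
    issue_cert root "/CN=Example Root CA" "$WORK/ca.ext" ""
    issue_cert intermediate "/CN=Example Issuing CA" "$WORK/ca.ext" root
    issue_cert service "/CN=service.example.com" "$WORK/leaf.ext" intermediate
}

# verify_chain TRUSTFILE [UNTRUSTEDFILE]
# Returns 0 when the service certificate validates against TRUSTFILE,
# non-zero otherwise. UNTRUSTEDFILE plays the role of the intermediate
# certificates a server presents during the TLS handshake; without it,
# any intermediate has to come from the truststore itself.
verify_chain() {
    trust=$1; untrusted=$2
    if [ -n "$untrusted" ]; then
        openssl verify -CAfile "$trust" -untrusted "$untrusted" \
            "$WORK/service.pem" >/dev/null 2>&1
    else
        openssl verify -CAfile "$trust" "$WORK/service.pem" >/dev/null 2>&1
    fi
}

# report LABEL TRUSTFILE [UNTRUSTEDFILE]: human-readable result for one case.
report() {
    label=$1; shift
    if verify_chain "$@"; then
        echo "$label: chain validates"
    else
        echo "$label: FAILS (a certificate in the chain is missing from the truststore)"
    fi
}

build_chain
report "truststore = service .cer only" "$WORK/service.pem"
report "truststore = root CA only, no intermediate" "$WORK/root.pem"
report "truststore = root CA, server sends intermediate" "$WORK/root.pem" "$WORK/intermediate.pem"
```

Run it with sh; it prints one line per case. The remediation the answer describes maps onto the last two lines: once the debug log (or openssl verify) names the certificate that could not be chained, import it into the truststore, for example keytool -importcert -alias issuing-ca -file intermediate.pem -keystore keystore.jks, then re-upload the keystore in the keystore rule so the Connect-REST rule picks it up.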