Support Article
Connect-SOAP with certificates giving SSL peer not authenticated
Summary
The user is setting up a PRPC SOAP connector running over two-way SSL.
The user receives an error message when clicking 'Test Connectivity'.
Error Messages
Caught unexpected Throwable during SOAP Connectivity Test: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

Steps to Reproduce
Click 'Test Connectivity' for the Rule-Connect-SOAP rule; observe the error.
[ Note: before the TLS handshake was analysed in detail, various checks were done (not shown here) to prove that the issue did not originate from incorrect SERVER or CLIENT certificates, etc. ]
Wireshark was used to capture the SSL handshake packets (which are not encrypted, since the certificate exchange has not taken place at this point in the protocol). The capture shows part of the SSL handshake failing with an 'Alert (Level: Fatal, Description: Close Notify)' message.

A separate test was done using a diagnostic Activity, which follows:


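Java Code from Step 2:
    // Restrict the TLS versions that HttpsURLConnection offers to the parameter value.
    System.setProperty("https.protocols", s_tlsversions);
Java Code from Step 3:
    try {
        // Log every JVM system property so the effective TLS settings can be checked.
        // The dump can include values such as javax.net.ssl.keyStorePassword,
        // so treat the resulting log as sensitive.
        StringBuilder sb = new StringBuilder("System Properties: START ----\n");
        java.util.Enumeration<?> keys = System.getProperties().keys();
        while (keys.hasMoreElements()) {
            Object key = keys.nextElement();
            // String.valueOf avoids a ClassCastException on non-String keys or values.
            String value = String.valueOf(System.getProperties().get(key));
            sb.append(String.format("%s=%s\n", key, value));
        }
        sb.append("System Properties: END ----\n");
        oLog.infoForced(sb.toString());

        // Open an HTTPS connection to the endpoint; connect() performs the TLS handshake.
        oLog.infoForced("Attempting to Connect to: " + s_url);
        java.net.URL url = new java.net.URL(s_url);
        javax.net.ssl.HttpsURLConnection con = (javax.net.ssl.HttpsURLConnection) url.openConnection();
        con.connect();
        oLog.infoForced("No exception when making HttpsURLConnection");
    }
    catch (Exception e) {
        // Surface any handshake or connection failure to the Activity caller.
        throw new PRRuntimeException(e);
    }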
When this test Activity is run with the parameter S_TLSVERSIONS set to "TLSv1.2" and S_URL set to match the endpoint in question, this also fails.
When the same Activity is run with the parameter S_TLSVERSIONS set to "TLSv1", this works.
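The same per-version test outside PRPC, as an added example (not code from the original article): a stand-alone Java class that attempts one handshake per TLS version, so an endpoint that accepts only TLSv1 stands out. The class name TlsVersionProbe and the candidate list are assumptions, as is the client certificate being supplied through the JVM's javax.net.ssl.keyStore properties.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.util.LinkedHashMap;
import java.util.Map;

public class TlsVersionProbe {
    // JSSE protocol names; each one is offered on its own in a separate handshake.
    static final String[] CANDIDATES = {"TLSv1", "TLSv1.1", "TLSv1.2"};

    /** Returns protocol -> "OK ..." or "FAILED ..." for one handshake per protocol. */
    static Map<String, String> probe(String host, int port, int timeoutMs) throws Exception {
        // The default context honours the JVM's javax.net.ssl.keyStore/trustStore
        // properties, so a two-way SSL endpoint is offered the client certificate
        // configured there (assumption: that is where the certificate lives).
        SSLSocketFactory factory = SSLContext.getDefault().getSocketFactory();
        Map<String, String> results = new LinkedHashMap<>();
        for (String protocol : CANDIDATES) {
            try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
                socket.setSoTimeout(timeoutMs);
                socket.setEnabledProtocols(new String[] {protocol});
                socket.startHandshake();
                results.put(protocol, "OK, negotiated " + socket.getSession().getProtocol());
            } catch (Exception e) {
                // Covers a remote refusal (alert or closed connection) and a local one:
                // a JVM whose jdk.tls.disabledAlgorithms lists the protocol fails here
                // without the server being at fault, so read the message.
                results.put(protocol, "FAILED: " + e);
            }
        }
        return results;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: java TlsVersionProbe <host> [port]");
            System.exit(2);
        }
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        probe(args[0], port, 10_000).forEach((p, r) -> System.out.println(p + ": " + r));
    }
}
```

A result of OK for TLSv1 and FAILED for TLSv1.2 matches the behaviour seen with the diagnostic Activity; a failure for every version points back at certificates or connectivity rather than the protocol version.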
Root Cause
A defect or configuration issue in the operating environment.
The target endpoint for the PRPC SOAP connector (Oracle HTTP Server 11g) only supports TLS 1, whereas PRPC was communicating using TLS 1.2.
Resolution
Make the following change to the operating environment:
Ensure the backend Oracle HTTP Server 11g is upgraded so that it supports TLS 1.2.
Published October 6, 2016 - Updated October 8, 2020