Support Article
Unable to establish SSL connection for Pega IAC
Summary
The requirement is to set up an SSL-enabled IAC instance, complete with VIP or load balancers. While setting up this IAC instance, a full stack is successfully executed without SSL. However, when the PRPC SSL endpoint is entered into the IAC Host Configuration, the endpoint is not accepted and the "Test Connection" button returns an error.
The SSL setup is completed as per standard practices. The truststore (which contains the intermediate and root CA certificates) and a .jks file for the gateway server certificate are both explicitly defined. However, the errors persist.
Error Messages
Connected to PRPC Deployment
Pega-IAC ruleset installed
Properly configured prconfig.xml
Server Certificates Installed in Gateway
* Check if PRPC is up and running.
* The Pega-IAC ruleset has not been installed (import pxIAC.zip to install).
* IAC specific property (/Authentication/RedirectGuests) is not set in prconfig xml file.
Please add <env name="/Authentication/RedirectGuests" value="false"/> to prconfig.xml file.
* Since this is a secure connection, SSL certificates need to be added in Gateway TrustStore, click install SSL certificates
Steps to Reproduce
Enter the URL for the PRPC in the IAC Host Configuration and perform a "Test Connection".
Root Cause
The root cause of this issue was a mismatch in the certificate imported in prgateway.jks.
Resolution
Perform the following local change to make IAC work over SSL:
- Access PRPC over HTTPS (using the keystore that is configured in server.xml).
- From the browser, export the certificate to a local directory.
- Import this exported certificate into prgateway.jks.
- Restart the PRPC and IAC servers.
- Test the host configuration in the IAC URL.
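Because the root cause was a certificate mismatch in prgateway.jks, it helps to confirm that the imported entry really is the certificate PRPC serves before restarting. The following is an added example, not code from the original article or from Pega: it parses text in the format printed by keytool -list (SHA1 on older JDKs, SHA-256 on newer ones) and compares each stored fingerprint with that of a PEM export. The placeholder certificate bytes, the alias prpc and all helper names are constructed assumptions.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
FP_RE = re.compile(r"fingerprint \((SHA-?1|SHA-?256)\):\s*([0-9A-Fa-f:]+)")

def fingerprint(pem, algo="sha256"):
    """Hash the DER bytes inside a PEM block; format like keytool (AA:BB:...)."""
    m = PEM_RE.search(pem)
    if m is None:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(m.group(1).split()))
    hexd = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(hexd[i:i + 2] for i in range(0, len(hexd), 2))

def keystore_entries(listing):
    """Parse keytool -list text into {alias: (hash_name, fingerprint)}."""
    entries, alias = {}, None
    for line in listing.splitlines():
        m = FP_RE.search(line)
        if re.search(r",\s*(trustedCertEntry|PrivateKeyEntry)", line):
            alias = line.split(",", 1)[0].strip()
        elif m and alias is not None:
            entries[alias] = (m.group(1).replace("-", "").lower(), m.group(2).upper())
            alias = None
    return entries

def matching_alias(pem, listing):
    """Alias whose stored fingerprint equals the served certificate's, else None."""
    for alias, (algo, stored) in keystore_entries(listing).items():
        if fingerprint(pem, algo) == stored:
            return alias
    return None

# Constructed sample data: placeholder bytes stand in for DER certificates.
SERVED_DER = b"constructed placeholder: certificate PRPC serves over HTTPS"
STALE_DER = b"constructed placeholder: mismatched certificate in the keystore"

def to_pem(der):
    return f"-----BEGIN CERTIFICATE-----\n{base64.b64encode(der).decode()}\n-----END CERTIFICATE-----\n"

def listing_for(alias, der):  # builds constructed keytool -list style text
    return (f"Keystore type: JKS\n\n{alias}, Aug 6, 2015, trustedCertEntry,\n"
            f"Certificate fingerprint (SHA1): {fingerprint(to_pem(der), 'sha1')}\n")

if __name__ == "__main__":
    for der in (SERVED_DER, STALE_DER):
        print(matching_alias(to_pem(SERVED_DER), listing_for("prpc", der)))
```

A result of None means no keystore entry matches the certificate the server presents, which is the mismatch described under Root Cause.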
Published August 6, 2015 - Updated October 8, 2020