javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Validating with the API Gateway administrator, the request arrives but is denied because PEGA is not sending the correct certificates. TLS 1.2 is supported for the service.
Checking the connection, Pega sends the corresponding Keystore and Truststore.
How can I know the name of the JKS that Pega is obtaining in the request? From the trace I can see the name of the Keystore rule, but I don’t see if it is obtaining the JKS correctly.
In the first one, obtaining the token is correct, but in the trace I can’t find how to send the token to the service.
@JACKARTA
The SSL handshake is failing due to certificate issues such as the full certificate chain not being present or a certificate expiry issue.
Usually the error that we saw with trustmanagers occurs when either an incorrect certificate is being used or all the certs in the chain are not present.
Check if the JKS has the required chain of certs.
Check if only the leaf certificate is present in the platform truststore.
For the connection to be trusted, please make sure that all certificates in the certificate chain are added to the platform trust store.
If the certificates are added as part of the Platform Truststore, then Pega expects the entire chain of the certificates to be added as part of the truststore for the handshake to happen without any issues. Hence, please add the intermediate and root certificates to the JKS and then import all these certs into Pega Truststore.
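One way to run the two checks suggested in the reply above, as an added example that is not part of the original post or Pega's own code: a small Java program using the standard `java.security.KeyStore` API that lists every entry in a JKS file and flags expired certificates, key entries whose chain does not end at a self-issued root, and trusted entries whose issuer is missing from the store. The class name `JksChainCheck` and the two command-line arguments (store path and store password) are assumptions.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
// Added example. Usage: java JksChainCheck <store.jks> <store-password>
public class JksChainCheck {
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                // Keystore side: the client certificate and the chain stored with its key.
                Certificate[] chain = ks.getCertificateChain(alias);
                System.out.println("key entry '" + alias + "', chain length " + (chain == null ? 0 : chain.length));
                if (chain == null || chain.length == 0) continue;
                for (Certificate c : chain) report((X509Certificate) c);
                X509Certificate last = (X509Certificate) chain[chain.length - 1];
                if (!selfIssued(last))
                    System.out.println("  WARNING: chain does not end at a root; missing issuer " + last.getIssuerX500Principal());
            } else {
                // Truststore side: a leaf or intermediate on its own is an incomplete chain.
                X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
                System.out.println("trusted entry '" + alias + "'");
                report(cert);
                if (!selfIssued(cert) && !hasIssuer(ks, cert))
                    System.out.println("  WARNING: issuer not in store: " + cert.getIssuerX500Principal());
            }
        }
    }
    // Name comparison only; this does not verify the signature.
    static boolean selfIssued(X509Certificate c) {
        return c.getSubjectX500Principal().equals(c.getIssuerX500Principal());
    }
    static boolean hasIssuer(KeyStore ks, X509Certificate c) throws Exception {
        for (String a : Collections.list(ks.aliases())) {
            Certificate o = ks.getCertificate(a);
            if (o instanceof X509Certificate && ((X509Certificate) o).getSubjectX500Principal().equals(c.getIssuerX500Principal()))
                return true;
        }
        return false;
    }
    static void report(X509Certificate c) {
        Date now = new Date();
        boolean valid = !now.before(c.getNotBefore()) && !now.after(c.getNotAfter());
        System.out.println("  subject=" + c.getSubjectX500Principal() + " issuer=" + c.getIssuerX500Principal()
                + " notAfter=" + c.getNotAfter() + (valid ? "" : "  EXPIRED OR NOT YET VALID"));
    }
}
```

Run it once against the keystore and once against the truststore exported from the platform; any WARNING line names the issuer certificate that still has to be imported.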
@Bogga Thank you for taking the time to read my post and you are right in what you say.
I recently reported it to PEGA support; we reviewed it and confirmed that the PEGA platform has an error in that step of the wizard. Pega will analyze it and see if they fix it in a future version.
For now I have chosen the option of uploading the service response and continuing with the wizard process.
@JACKARTA Please share the GCS INC or Feedback Item ID here, if any was raised, so that it will be helpful for other Pega community members facing the same issue.