Connector Exception Connect-REST : Unable to instantiate JSSE socket factory

I configured a Connect-REST rule and a keystore rule (uploaded the .p12 file and provided the password). I referenced the keystore in the Connect-REST rule and am getting an "Unable to instantiate JSSE socket factory" exception and "required key store meta info is missing".

I have selected keystore type as PKCS12 in keystore rule.

Able to test it successfully using SOAP UI.

What could be the reason?

Can you please help?

@KarthikKummera can you confirm you followed the documentation and set up certificates and truststore as per "Identifying the external system for a Connect REST rule"?

There is also detail on the Pega Community Wiki pages: "Importing external certificates into a Pega Keystore".

Keystore and truststore can be configured at the WAS, JVM and REST connector layers.

Have you configured keystore at JVM layer (with password null)?

Are you able to test by removing the truststore and keystore from the REST connector and configuring the keystore and truststore at the WAS layer? Try adding the URL in the dynamic outbound URL configuration in the WAS layer.

Are the certificates installed properly for the JVM? Did you try copying the certificates from existing servers to the new server in the cacerts folder? Browse for a file name such as /opt/IBM/WebSphere/AppServer/java/jre/lib/security/cacerts

Please refer to the vendor documentation.

Can you please provide a document with screenshots that show the Connect-REST configuration settings?

SSL debug information, when enabled with "-Djavax.net.debug=SSL", will be available in the WebSphere server log.

Or turn on debug at the JVM level in the Pega app server using -Djavax.net.debug=all

Reproduce the issue, provide the application server log and check the PegaRules log. If the issue persists you may need to log a support Incident (please provide the INC id if you choose to go down this path).

@MarijeSchillern Thanks for the response. We have raised SR for this issue.

@KarthikKummera thanks. I checked and I believe INC-215113 is your support ticket?

I’ve added it here. Please do keep us posted on progress.

From the support ticket INC-215113 I understand that the issue was no longer replicated after you updated to Pega 8.5.5.

Root cause description:
Certificate chain missing, and the CONNECT-REST is failing with the "Unable to instantiate JSSE socket factory" error.

Solution type: Explanation

  • Please check the certificate chain with the network team and import it into the Keystore again.
  • Please verify if any of the certificates are expired in the Keystore.
  • Please follow the steps mentioned in the below link to import root and/or intermediate certificates:
  • If you are in a multinode environment, please restart after the import of the certificate to the platform.

As the support team did not receive any further response or new debug logs from the updated environment we are assuming the issue is resolved.
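
The chain and expiry checks listed in the resolution above can be run against the .p12 file outside Pega before it is uploaded again. This is an added example, not part of the thread and not Pega code; the class name, the KEYSTORE_PASS environment variable and the file argument are assumptions.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class KeystoreChainCheck {
    public static void main(String[] args) throws Exception {
        // Assumptions (added example, not Pega code): args[0] = .p12 path, KEYSTORE_PASS = its password.
        String pass = System.getenv("KEYSTORE_PASS");
        if (args.length != 1 || pass == null) {
            System.err.println("usage: KEYSTORE_PASS=... java KeystoreChainCheck <file.p12>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass.toCharArray());
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;   // only private-key entries carry a chain
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null || chain.length == 0) {
                System.out.println(alias + ": key entry has no certificate chain");
                continue;
            }
            for (int i = 0; i < chain.length; i++) {
                X509Certificate c = (X509Certificate) chain[i];
                String status = "valid";
                try {
                    c.checkValidity();             // compares against the current time
                } catch (CertificateException e) {
                    status = "NOT VALID (" + e.getMessage() + ")";
                }
                System.out.println(alias + " [" + i + "] " + c.getSubjectX500Principal()
                        + " notAfter=" + c.getNotAfter() + " " + status);
                // Each certificate should be issued by the next one in the chain.
                if (i + 1 < chain.length && !c.getIssuerX500Principal().equals(
                        ((X509Certificate) chain[i + 1]).getSubjectX500Principal())) {
                    System.out.println("  chain break after [" + i + "]");
                }
            }
            X509Certificate last = (X509Certificate) chain[chain.length - 1];
            if (!last.getIssuerX500Principal().equals(last.getSubjectX500Principal())) {
                System.out.println("  chain stops at " + last.getSubjectX500Principal()
                        + "; issuer " + last.getIssuerX500Principal() + " is not in the entry");
            }
        }
    }
}
```

A key entry whose chain stops at the leaf or at an intermediate is the "certificate chain missing" case from the root cause; whether the root itself must be in the keystore depends on what the remote server expects.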