We have a requirement in a REST integration that needs us to specify the domain name (or Host) in the SNI headers to get the certificate.
How can we specify the domain name explicitly as an SNI header before running the Connect-REST rule?
The following is the error without passing the host:
Unable to connect to resource due to TLS/SSL issue: javax.net.ssl.SSLPeerUnverifiedException: Certificate for ******* doesn’t match any of the subject alternative names: ******
In Pega, the SNI headers are handled automatically by the platform during the SSL handshake process. If you’re facing an SSLPeerUnverifiedException, it’s likely due to a mismatch between the hostname and the certificate’s subject alternative names. This can be resolved by ensuring that the certificate includes the correct hostname in its subject alternative names. If the certificate is a wildcard certificate, you can create a Dynamic System Setting (DSS) with the Owning Ruleset as ‘Pega-IntegrationEngine’, Setting Purpose as ‘https/allowAllHostnames’, and Value as ‘true’. This will allow the system to accept all hostnames.
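
To check which names a certificate actually covers, the following added example (not part of the original thread and not Pega code) matches a hostname against DNS subject alternative names and can read the SANs a server presents for a given SNI value. The wildcard rule is the simplified RFC 6125 one, where a '*' covers exactly one left-most label; that the Pega HTTP client applies the same rule is an assumption, and all host names are constructed.

```python
import socket
import ssl


def san_matches(hostname, san_dns_names):
    """Return True if hostname matches any DNS SAN entry.

    Simplified RFC 6125 rule: '*' is honoured only as the whole
    left-most label and stands for exactly one label.
    """
    host_labels = hostname.lower().rstrip(".").split(".")
    for san in san_dns_names:
        san_labels = san.lower().rstrip(".").split(".")
        if len(san_labels) != len(host_labels):
            continue
        if san_labels[0] == "*" and len(san_labels) > 2:
            if san_labels[1:] == host_labels[1:]:
                return True
        elif san_labels == host_labels:
            return True
    return False


def fetch_san_dns_names(connect_host, sni_name, port=443, timeout=5.0):
    """Connect to connect_host, send sni_name in the SNI extension and
    return the DNS SANs of the certificate the server presents.

    The chain is still validated; only the built-in name check is off so
    the SANs can be read and compared with san_matches(). Diagnostic use
    only: no application data is sent over this connection.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((connect_host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni_name) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


# Constructed SAN list, standing in for the masked values in the error above.
SAMPLE_SANS = ["*.example.com", "api.partner.example"]

if __name__ == "__main__":
    for name in ("svc.example.com", "example.com", "a.svc.example.com",
                 "api.partner.example", "other.partner.example"):
        print(f"{name:24} -> {san_matches(name, SAMPLE_SANS)}")
```

Passing the SANs returned by fetch_san_dns_names() to san_matches() together with the hostname used in the Connect-REST endpoint URL shows whether the mismatch comes from the certificate or from the name being requested.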