SSL handshake issue calling REST APIs

When trying to call PEGA APIs from within an org application, we are getting an SSL certificate issue saying:

We have created a test API connection in PEGA. We are able to call the APIs from Postman. But when trying to call from within our internal application called OneCert to integrate the APIs, we are facing the below issue.

Exception occurred in Test Connection: Error : Exception occurred while generating access token: Unable to generate access token. Response returned : javax.net.ssl.SSLHandShakeException: received handshake warning: unrecognized_name .

Could you help us resolve this?

Hello @thusharp17248631,

The behavioral difference between Postman and Pega could be that you were using Postman by disabling the SSL verification. In Pega, the SSL validation is enabled by default in the latest versions. Pega validates the server’s identity and authenticity before initiating a request to the endpoint.

To resolve this you would need to install the public key certificate of the external server in Pega’s Platform Truststore.

For more information on how to import the certificate into Pega, please go through the below articles.

Thank you,
Anupam

@Anupam Dubey

We tried adding the external server’s certificate in the PEGA platform’s trust store. It is still giving the same issue.

@thusharp17248631

Can you try adding the entire chain of certificates from the external service you are trying to connect to? Usually, we would have to import the Root and the Intermediate certificates into the Platform Truststore so that the CA can be listed as a TrustManager during the SSL validation.

@Anupam Dubey

As mentioned in the support ticket, since Pega is a service provider in this scenario, the client application needs to trust the public key certificate for the Pega server, which will fix the issue.

My previous suggestions on this page are valid when Pega is the client trying to invoke a connection to an external service provider.

Thank you!

Resolution notes from ticket

  • When OneCert is trying to connect to Pega it ends up with SSLHandshakeException.
  • The Pega application was hosted on HTTPS but the certificate that was used for the server was not listing the entire chain of certificates.
  • Based on the observations, there is something wrong with the way this certificate was generated as it should have listed the Intermediate and the Root certificates.
  • Shiva mentioned that you are currently working with your internal teams to regenerate the certificate correctly. For this scenario, I can confirm there is no issue from Pega.
  • Once the new certificate is generated and used to host the Pega application on HTTPS, install the certificate (leaf, intermediate and root) at your OneCert application to fix this issue.
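
The chain problem described in the resolution notes can be reproduced offline with the openssl CLI. The script below is an added example, not part of the thread or of Pega's tooling; the certificate names and the host pega.example.test are constructed for the demo, and it assumes openssl 1.1.1 or later is installed.

```shell
#!/bin/sh
# Constructed demo: throwaway root -> intermediate -> leaf chain. Every name
# here (demo-root, demo-intermediate, pega.example.test) is made up.

# make_cert NAME SUBJECT EXTFILE [ISSUER]; self-signed when ISSUER is omitted
make_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null || return 1
    if [ -n "$4" ]; then
        openssl x509 -req -in "$1.csr" -CA "$4.pem" -CAkey "$4.key" \
            -CAcreateserial -days 2 -extfile "$3" -out "$1.pem" 2>/dev/null
    else
        openssl x509 -req -in "$1.csr" -signkey "$1.key" \
            -days 2 -extfile "$3" -out "$1.pem" 2>/dev/null
    fi
}

build_chain() {
    d=$1
    # CA certificates must carry CA:TRUE, otherwise they cannot act as issuers.
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:pega.example.test\n' > "$d/leaf.ext"
    make_cert "$d/root"  '/CN=demo-root'         "$d/ca.ext" &&
    make_cert "$d/inter" '/CN=demo-intermediate' "$d/ca.ext"   "$d/root" &&
    make_cert "$d/leaf"  '/CN=pega.example.test' "$d/leaf.ext" "$d/inter" &&
    cat "$d/root.pem" "$d/inter.pem" > "$d/client-bundle.pem"
}

# Case 1: server sends only the leaf, client trusts only the root.
verify_leaf_only() {
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
}
# Case 2: server sends leaf + intermediate, client trusts only the root.
verify_served_chain() {
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/inter.pem" "$1/leaf.pem" >/dev/null 2>&1
}
# Case 3: server sends only the leaf, client truststore holds root + intermediate.
verify_client_bundle() {
    openssl verify -CAfile "$1/client-bundle.pem" "$1/leaf.pem" >/dev/null 2>&1
}

DEMO_DIR=$(mktemp -d) && trap 'rm -rf "$DEMO_DIR"' EXIT
build_chain "$DEMO_DIR" || { echo "openssl failed to build the demo chain" >&2; exit 1; }
for check in verify_leaf_only verify_served_chain verify_client_bundle; do
    if "$check" "$DEMO_DIR"; then echo "$check: OK"; else echo "$check: FAILED"; fi
done
```

Only the first case fails: the client cannot link the leaf to a trusted root unless the intermediate arrives with the server's chain or is already in the client's truststore.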

Hi @Anupam Dubey

Could you please share the ticket number so that I can link this Question to it?

Thank you!