When we are trying to access the environment after an Pega upgrade getting 403 error

MaruthiNaiduK · May 14, 2026, 7:25am

We have upgraded one of our environment from Pega 23 to Pega 25.1.2 with ubuntu 22.04 java openjdk 17.0.18 - tomcat 10.1.54 and the upgrade went fine. After the upgrade we could see that tomcat had started successfully.

When we try to access the environment with https://URL then we are getting the below exception.

Type com.pega.pegarules.priv.web.HTTPOperationException

Message 403

Stack at com.pega.pegarules.web.impl.HttpUtilities.validateForHostHeader(HttpUtilities.java:318)
at com.pega.pegarules.web.impl.HttpUtilities.extractRequest(HttpUtilities.java:164)
at com.pega.pegarules.web.impl.WebStandardImpl.makeEtierRequest(WebStandardImpl.java:725)
at com.pega.pegarules.web.impl.WebStandardImpl.doPostInner(WebStandardImpl.java:435)
at jdk.internal.reflect.GeneratedMethodAccessor251.invoke(Unknown:Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:569)
at com.pega.pegarules.internal.bootstrap.PRBootstrap.invokeMethod(PRBootstrap.java:418)
at com.pega.pegarules.internal.bootstrap.PRBootstrap.invokeMethodPropagatingThrowable(PRBootstrap.java:460)
at com.pega.pegarules.boot.internal.extbridge.AppServerBridgeToPega.invokeMethodPropagatingThrowable(AppServerBridgeToPega.java:225)
at com.pega.pegarules.boot.internal.extbridge.AppServerBridgeToPega.invokeMethod(AppServerBridgeToPega.java:274)
at com.pega.pegarules.internal.web.servlet.WebStandardBoot.doPost(WebStandardBoot.java:164)
at com.pega.pegarules.internal.web.servlet.WebStandardBoot.doGet(WebStandardBoot.java:121)
at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:564)
at com.pega.pegarules.internal.web.servlet.WebStandardBoot.service(WebStandardBoot.java:191)
at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:138)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:162)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:138)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:165)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:88)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:492)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:113)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:83)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:654)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:72)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
at org.apache.coyote.http2.StreamProcessor.service(StreamProcessor.java:476)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
at org.apache.coyote.http2.StreamProcessor.process(StreamProcessor.java:102)
at org.apache.coyote.http2.StreamRunnable.run(StreamRunnable.java:35)
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:973)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:491)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
at java.base/java.lang.Thread.run(Thread.java:840)
at (

The environment is accessble on http url with port 8080 but it is not accessible with https url.

Please let us know if we can get help on this issue.

GIAND · May 14, 2026, 3:02pm

When http works and https does not first thing to check is your SSL certs. That said you’ll be better suited for this type of issue to submit a support ticket - http://msp.pega.com/

MaruthiNaiduK · May 14, 2026, 4:45pm

Thank you for your response.

We have verified the SSL certificate and confirmed that there are no issues with it. I raised this question here to check whether anyone else has encountered a similar issue before we open a case with Pega Support.

We have a vanilla installation of Pega 25.1.2 where this issue does not occur. The problem is only observed in the environment that was upgraded from Pega 23 to Pega 25.1.2.

Please note that we have already performed a Hotfix Scan and installed all critical hotfixes, but the issue still persists.

RameshSangili · May 14, 2026, 5:04pm

We had a similar issue during cloud migration. Then it turned out to be an configuration at the network level to allow https. Could you please check with your Networking team if the necessary ports are allowed

MaruthiNaiduK · May 14, 2026, 5:12pm

Thank you @RameshSangili , yes we verified the allowed ports and they are good no issues with it also.

RameshSangili · May 14, 2026, 5:26pm

I recommend to create Pega INC ticket to troubleshoot this issue further.

Conversation		Replies	Views
Post upgrade to 8.4 unable to login to Pega General lead-system-architect , updates , financial-services , 8-4-3 , dev-designer-studio	3	369	September 22, 2021
HTTP Status 503 – Service Unavailable while connecting to my pega host General pega-platform , system-administration , installation-and-deployment	2	396	April 26, 2024
Ensure all requests are HTTP secured User Experience user-experience , 8-5-4	2	96	September 30, 2024
Error 403: SRVE0295E: Error reported: 403 General senior-system-architect , updates , pega-cloud , financial-services , 8-7-4 , 8-7-5	1	2059	August 2, 2023
not able to access to my.pega.com portal General	1	41	December 12, 2023

When we are trying to access the environment after an Pega upgrade getting 403 error

Related topics