Authentication Profile Oauth2.0: How to pass the header to the access token endpoint:
Hi, I am facing the following error
. I am creating a rest connection with PEGA wizard, I am using an Authentication Profile, with certificates, they are valid and well configured.
When trying to connect to obtain a token, Pega returns this error
"SSL/TLS configuration issue detected. Please repair and try again. Caught unhandled exception: java.lang.RuntimeException:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure"
Validating with the Api Gateway administrator, the request arrives but is denied because PEGA is not sending the correct certificates, TLS1.2 is supported for the service
Checking the connection, Pega sends the corresponding Keystore and Truststore.
How can I know the name of the JKS that Pega is obtaining in the request? From the trace I can see the name of the Keystore rule, but I don't see if it is obtaining the JKS correctly
In the first one, obtaining the token is correct, but in trace I can't find how to send the token to the service
Accepted Solution
Updated: 1 Nov 2024 8:30 EDT
Pegasystems Inc.
IN
@JACKARTA The SSL handshake is failing due to certificate issues like full certificate chain not present/certificate expiry issue.
Usually the error that we saw with trustmanagers occurs when either an incorrect certificate is being used/all the certs in the chain are not present.
- Check if the JKS has the required chain of certs
- Check if only leaf certificate is present in the platform truststore
- For the connection to be trusted, please make sure that all certificates in the certificate chain are added to the platform trust store.
- If the certificates are added as part of the Platform Truststore, then Pega expects the entire chain of the certificates to be added as part of the truststore for the handshake to happen without any issues. Hence, please add the intermediate and root certificates to the JKS and then import all these certs into Pega Truststore.
Corporaci?n Credomatic SA
CR
@Bogga Thank you for taking the time to read my post and you are right in what you say.
I recently reported it to PEGA support, we reviewed it and confirmed that the PEGA platform has an error in that step of the wizard. Pega will analyze it and see if they fix it in a future version.
For now I have chosen the option of uploading the service response and continuing with the wizard process.
Pegasystems Inc.
IN
@JACKARTA Please share GCS INC or Feedback Item Id if any raised here so that it will be helpful for other Pega community members facing the same issue.