I have an orchestration where I am using the RESTCaller to call out to a URL which is HTTPS. This fails with the message;

peer not authenticated, Exception calling REST service: https://xxxx/yyyy/endpoint

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:437)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:643)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
at com.serena.restcaller.RESTServiceCall.execute(RESTServiceCall.java:370)
at com.serena.restcaller.RESTCallerImpl.restCallerImplInternal(RESTCallerImpl.java:847)

I can access this endpoint from a browser from the Serena server without an issue.

I have installed the Root Certificate onto the windows server and have restarted the server.

I have found the cacerts file within the SDK JRE Security folder which is below the Serena installation folder and appears to have been updated on the same day I added the new Certificates.

I am now at a bit of a loss as to what to try next, anyone have a similar issue or has already resolved this?

Accepted Answer

Thursday, March 29 2018, 11:24 AM - #Permalink

Open Configurator on the Orchestration Engine server and click the tomcat server section. There is a "Managed Trusted Certificates" button. When you look at those just verify that the certificate is in that list. That seems the most likely place to look.
  • Richard Palmer
    more than a month ago
    This worked a treat for me in 11.2 Build 0127.

    For clarity I was adding a root certificate and supporting certificates to validate a HTTPS certificate and not a self signed certificate.
The reply is currently minimized Show
Responses (1)
  • Accepted Answer

    Monday, April 02 2018, 11:46 AM - #Permalink

    Just wanted to follow up with this. I did some testing on this with SBM 11.3 and I couldn't get the rest caller to work with a https url where the certificate was self signed no matter what I did. I think that's just a defect. I tested the exact same thing in the upcoming 11.4 release we're working on and everything worked as expected. Not sure if you got different results but it looks like it will work in the next release.

    • Brian Amos
      more than a month ago
      Richard perfect glad you got it working. It looks like self signed certs are an issue prior to SBM 11.4 ( upcoming )
    The reply is currently minimized Show
Your Reply

Recent Tweets