Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Sudheer Nimmagadda (Sudheer Nimmagadda)
Highmark Health
Sr Application Developer
Highmark Health
Sudheer Nimmagadda Member since 2018 5 posts
Highmark Health
Posted: Oct 16, 2018
Last activity: Oct 26, 2018
Posted: 16 Oct 2018 16:29 EDT
Last activity: 26 Oct 2018 10:18 EDT
Closed
Solved

Does PEGA v6.2 sp2 supports TLS 1.1/1.2 ?

Hello,

I am getting below error while trying to execute Connect-rest rule in Pega v 6.2 sp 2.

"- javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated"

I ran below code in PEGA 6.2 sp2, it returned [TLSv1, TLSv1.1, TLSv1.2] . means Pega 6.2 sp2 supports TLS 1.1/1.2 ?

Show More

Hello,

I am getting below error while trying to execute Connect-rest rule in Pega v 6.2 sp 2.

"- javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated"

I ran below code in PEGA 6.2 sp2, it returned [TLSv1, TLSv1.1, TLSv1.2] . means Pega 6.2 sp2 supports TLS 1.1/1.2 ?

{
String[] prots = javax.net.ssl.SSLContext.getDefault().getSupportedSSLParameters().getProtocols();
myStepPage.putString(".pyNote", java.util.Arrays.toString(prots));
}
catch (Exception e)
{
oLog.error(e);
}

few article says - "Support for TLS started in PRPC 6.3 SP1 not in 6.2".so please clarify whether v6.2 SP2 supports TLS 1.X or not ?

Regards,

Sudheer Nimmagadda


Show Less
To see attachments, please log in.
Low-Code App Development
Data Integration

Accepted Solution

Posted: 6 years ago
Posted: 26 Oct 2018 10:17 EDT
Sudheer Nimmagadda (SudheerNimmagadda)
Cognizant

Cognizant
US

Basically pyInvokeRESTConnector in 6.2sp2 will not support TLS1.1/1.2 connection so you have to add below additional java steps to Step#5 in pyInvokeRESTConnector activity.

------------------------------------------------------------------------------------------------------------

find out : "com.pega.apache.http.HttpRequest httpRequest = null;

try
{ "

Now put the following code after the above code:

// { start - customization to support TLS connection

     if (serviceURL.toLowerCase().startsWith("https")) 

     { 

            javax.net.ssl.SSLContext ctx = javax.net.ssl.SSLContext.getInstance("TLSv1.2"); 

Show More

Basically pyInvokeRESTConnector in 6.2sp2 will not support TLS1.1/1.2 connection so you have to add below additional java steps to Step#5 in pyInvokeRESTConnector activity.

------------------------------------------------------------------------------------------------------------

find out : "com.pega.apache.http.HttpRequest httpRequest = null;

try
{ "

Now put the following code after the above code:

// { start - customization to support TLS connection

     if (serviceURL.toLowerCase().startsWith("https")) 

     { 

            javax.net.ssl.SSLContext ctx = javax.net.ssl.SSLContext.getInstance("TLSv1.2"); 

             ctx.init(null, null, null); 

             com.pega.apache.http.conn.ssl.SSLSocketFactory sf = new com.pega.apache.http.conn.ssl.SSLSocketFactory(ctx); 

             sf.setHostnameVerifier(com.pega.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);               

             // create the scheme for connection 

             com.pega.apache.http.conn.scheme.SchemeRegistry sr = new com.pega.apache.http.conn.scheme.SchemeRegistry(); 

             // warning: no HTTP scheme is defined here, so this client is not compatible with regular HTTP!      

             sr.register(new com.pega.apache.http.conn.scheme.Scheme("https", sf, 443));  

            // rebuild the client using the new HTTPS scheme. 

             com.pega.apache.http.impl.conn.SingleClientConnManager cm = new com.pega.apache.http.impl.conn.SingleClientConnManager(client.getParams(), sr); 

             client = new com.pega.apache.http.impl.client.DefaultHttpClient(cm, client.getParams()); 

      } 

     // } end - customization to support TLS connection

---------------------------------------------------

also confirm also with your WAS Admin that the necessary trusted certificates for the RestService Endpoint / Server have been imported into WAS Application Server’s Default SSL Settings.

Thanks

Sudheer Nimmagadda

 


Show Less
To see attachments, please log in.
Posted: 6 years ago
Posted: 16 Oct 2018 22:52 EDT
Anandh Palanisamy (ANANDH123)
AbbVie
Technology Architect II
AbbVie
US

Hi Sudheer,

Please make your application where Pega running should support TLS 1.2 and consumer also restrict when you can the SOAP call. Consuming system also should accept TLS 1.2.

Hope this helps, please let me know

Regards,

Anandh

To see attachments, please log in.
Posted: 6 years ago
Posted: 17 Oct 2018 7:24 EDT
Sudheer Nimmagadda (Sudheer Nimmagadda)
Highmark Health
Sr Application Developer
Highmark Health

Thank you Anandh,

my consumer application supports both TLS 1.1 and 1.2.

Is there any hotfix from Pega systems to fix below issue in Pega 6.2 ?

("- javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated")

To see attachments, please log in.

Accepted Solution

Posted: 6 years ago
Posted: 26 Oct 2018 10:17 EDT
Sudheer Nimmagadda (SudheerNimmagadda)
Cognizant

Cognizant
US

Basically pyInvokeRESTConnector in 6.2sp2 will not support TLS1.1/1.2 connection so you have to add below additional java steps to Step#5 in pyInvokeRESTConnector activity.

------------------------------------------------------------------------------------------------------------

find out : "com.pega.apache.http.HttpRequest httpRequest = null;

try
{ "

Now put the following code after the above code:

// { start - customization to support TLS connection

     if (serviceURL.toLowerCase().startsWith("https")) 

     { 

            javax.net.ssl.SSLContext ctx = javax.net.ssl.SSLContext.getInstance("TLSv1.2"); 

Show More

Basically pyInvokeRESTConnector in 6.2sp2 will not support TLS1.1/1.2 connection so you have to add below additional java steps to Step#5 in pyInvokeRESTConnector activity.

------------------------------------------------------------------------------------------------------------

find out : "com.pega.apache.http.HttpRequest httpRequest = null;

try
{ "

Now put the following code after the above code:

// { start - customization to support TLS connection

     if (serviceURL.toLowerCase().startsWith("https")) 

     { 

            javax.net.ssl.SSLContext ctx = javax.net.ssl.SSLContext.getInstance("TLSv1.2"); 

             ctx.init(null, null, null); 

             com.pega.apache.http.conn.ssl.SSLSocketFactory sf = new com.pega.apache.http.conn.ssl.SSLSocketFactory(ctx); 

             sf.setHostnameVerifier(com.pega.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);               

             // create the scheme for connection 

             com.pega.apache.http.conn.scheme.SchemeRegistry sr = new com.pega.apache.http.conn.scheme.SchemeRegistry(); 

             // warning: no HTTP scheme is defined here, so this client is not compatible with regular HTTP!      

             sr.register(new com.pega.apache.http.conn.scheme.Scheme("https", sf, 443));  

            // rebuild the client using the new HTTPS scheme. 

             com.pega.apache.http.impl.conn.SingleClientConnManager cm = new com.pega.apache.http.impl.conn.SingleClientConnManager(client.getParams(), sr); 

             client = new com.pega.apache.http.impl.client.DefaultHttpClient(cm, client.getParams()); 

      } 

     // } end - customization to support TLS connection

---------------------------------------------------

also confirm also with your WAS Admin that the necessary trusted certificates for the RestService Endpoint / Server have been imported into WAS Application Server’s Default SSL Settings.

Thanks

Sudheer Nimmagadda

 


Show Less
To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice