Last activity: 15 Jun 2016 9:22 EDT
Facing Issue in integrating with twitter
Facing issue with Twitter integration. We have to integrate with Twitter to POST messages. Created an OAuthClient (with the consumer key and secret key for the app created in Twitter). Created an activity to call the pyConnectSocialNetwork activity, and the OAuthClient created is passed. (When the activity is executed it attempts to connect to Twitter using the OAuth client.)
The first time we execute this, a pop-up should be displayed to grant access for our PRPC application to the Twitter application. Instead, a fail status with the message "There has been an issue; Please consult your system administrator" is displayed. On tracing, the error message is "** Caught unhandled exception: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated." and "Unable to open an instance using the given inputs: pxObjClass = "Data-Admin-Security-OAuth-Client-AccessToken", pyConsumerKey = "MCdYXNzsM4CVRPfHQ4IDcjW8q", pyUserIdentifier = "PoornimaBonagiri"". PFA for the error screenshots.
We are using PRPC 7.1.9 version.
We have followed steps in this PDN link:
Please let us know if any other configurations are needed
Can you refer to the post below as well:
This talks about the same issue and points to follow to resolve these.
"javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated"
This indicates that the trust store for your application server lacks the required SSL certificate for connecting to the Twitter endpoint.
It looks like this is the one you would need:
Perhaps you are using an application server that does not ship with the standard certificate sets, or your SSL settings have been modified?
Updated: 13 Apr 2016 10:58 EDT
Is your trust store type JKS, or are you using PKCS#12 as the file format to store the certs?
Our trust store type is JKS. What could be the issue?
I'm a little confused here. Where do you have your truststore configured? Is it at application server level? pyConnectSocialNetwork internally uses HTTP connectors. You haven't added your truststore to any of these standard HTTP connectors, have you? I'm asking this because it is surprising to see this error "Couldn't base64 decode keystore file content". Have you created a keystore instance in Pega and referenced it anywhere in your flow?
We are trying to install certificates using the keystore field provided on Connect-HTTP/REST rules. PFA for the certificate/keystore details we used. We are still getting the error: "Couldn't base64 decode keystore file content".
What's the password for this JKS file ?
The 'mycert.crt' file you provided seems fine - it matches the one that Jeff advised you to get.
So : now we need to verify whether this CERT was correctly inserted into the JKS file you provided - we'll need the password to do this. (I assume this keystore *only* contains this one public certificate - and no private keys - otherwise if it contains other stuff (esp. password-less private-keys) then you should not share the password of course!)
Updated: 16 Apr 2016 12:04 EDT
Are you setting up your own Connectors here to connect to Twitter ? Rather than using the OOTB PRPC-provided mechanisms ?
Can you post more details about what you need to achieve, what PDN articles (etc) you have already looked at and exactly the steps you have followed so far ?
Additionally: I am *guessing* a bit here - But did you perhaps upload the CERTIFICATE file itself into the PRPC Trust Store Rule ? That *might* explain the error you get ?
What you have to do is create a JKS file which *contains* the certificate on the filesystem and upload *that* to PRPC - is that what you did already ?
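Added example, not part of the thread and not Pega code: a password-free check that tells a real JKS file apart from a bare certificate (the mix-up guessed at above) and reports whether each JKS entry is a trusted certificate or a private key (the concern raised before sharing the keystore password). The name `inspect_store` and the `SAMPLE_JKS` bytes are constructed for illustration.

```python
import struct

JKS_MAGIC = 0xFEEDFEED  # first four bytes of every JKS file
KINDS = {1: "private-key", 2: "trusted-cert"}  # JKS entry tags

def inspect_store(data: bytes):
    """Return (container_type, entries); entries are (alias, kind) for JKS.
    No password is needed: it protects only private keys and the digest."""
    if data.lstrip().startswith(b"-----BEGIN"):
        return "PEM", []  # text-encoded certificate, not a keystore
    if len(data) < 12 or struct.unpack(">I", data[:4])[0] != JKS_MAGIC:
        # 0x30 opens an ASN.1 SEQUENCE: a bare DER certificate or a PKCS#12 file
        return ("DER" if data[:1] == b"\x30" else "unknown"), []
    version, count = struct.unpack(">II", data[4:12])
    pos = 12

    def take(n):
        nonlocal pos
        chunk = data[pos:pos + n]
        if len(chunk) != n:
            raise ValueError("truncated JKS file")
        pos += n
        return chunk
    def u32():
        return struct.unpack(">I", take(4))[0]
    def string():
        return take(struct.unpack(">H", take(2))[0]).decode("utf-8", "replace")

    entries = []
    for _ in range(count):
        tag = u32()
        if tag not in KINDS:
            raise ValueError(f"unknown JKS entry tag {tag}")
        alias = string()
        take(8)  # creation timestamp
        chain_len = 1
        if tag == 1:
            take(u32())        # protected private-key blob
            chain_len = u32()  # certificates in the key's chain
        for _ in range(chain_len):
            if version == 2:
                string()       # certificate type, e.g. "X.509"
            take(u32())        # encoded certificate
        entries.append((alias, KINDS[tag]))
    return "JKS", entries

# Constructed sample: one trusted-cert entry holding placeholder bytes
SAMPLE_JKS = (struct.pack(">IIII", JKS_MAGIC, 2, 1, 2) + b"\x00\x07twitter"
              + bytes(8) + b"\x00\x05X.509" + b"\x00\x00\x00\x05"
              + b"\x30\x03\x02\x01\x00" + bytes(20))  # last 20: digest stand-in
```

A result of `"PEM"` or `"DER"` means the file is a certificate (or PKCS#12 container) rather than a JKS truststore; any `"private-key"` entry means the keystore and its password should not be posted.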
We are following the PDN article "https://pdn.pega.com/connecting-twitter-prpc", but it is failing at step 4 (executing the activity to use the OAuth client to connect to Twitter). Pega will receive NBO details from another system; from the Pega application these NBO details have to be posted to a Twitter ID. This is the requirement. We also tried to create a connector; the same error "peer not authenticated" is not displayed.
We suspect this is an issue with connectivity to the Twitter site. We are using a Capgemini local server where Twitter is blocked. We have already enabled this on the server, but it looks like api.twitter is not enabled properly. We checked Twitter access on the server machine also. When we do the same on a personal edition (without keystore/certificates) we are able to run the activity and connect to the Twitter Authorize app page. We are now working with the network team to recheck the Twitter connectivity.
We have created and uploaded the certificate in the same way mentioned, i.e. created a JKS file which contains the certificate on the filesystem and uploaded it into PRPC.
Is there any other way to post messages to a Twitter ID? What are the OOTB PRPC-provided mechanisms? Please let us know if there are any other ways to post messages.
Thank you very much John. We are now able to connect to Twitter. We have again tried adding the certificate/keystores. This has resolved the issue.
Updated: 21 Apr 2016 10:56 EDT
Great ! Thanks for letting us know.
Was there something you found that was done incorrectly in the first instance and then were able to correct the second time around ? : might be useful for other people to know if so !
Firstly we were trying to place the certificates in the Connect-REST rule security settings (truststore, keystore). Then we tried to upload them on the server. This link was helpful: Unable to Connect to SSL Services due to PKIX Path Building Failed - Atlassian Documentation. We have tried various times in various ways; my tech manager has worked on this. After a few attempts, the issue was resolved.
Just to second on your post here Praneeth: the PDN article (https://pdn.pega.com/connecting-twitter-prpc) does not mention having to set up Trust Stores etc - and in fact it would seem odd to have to for a well-known internet-facing application like Twitter (who are using a CA-signed cert of course).
Maybe the 'CACERTS' file for the Java version being used here for PRPC is old and doesn't recognize the particular Digicert-signed CERT here ?
What version of Java is being used here ? (PegaLogs and/or prsysmgmt/SMA will show this - or just check directly in 'setenv.sh' (etc) if using Tomcat).
Updated: 14 Apr 2016 9:36 EDT
The error you posted: "** Couldn't Base64 decode keystore file content" suggests the possibility that the PRPC Truststore might not have been set up correctly.
Can you provide the exact steps for what you did:
1. Where and how did you get the Certificate you needed? (And what format was it in?)
2. What you did with it next (create a new Java Keystore file outside of PRPC, upload to an existing Keystore File etc?)
3. How you transmitted the keystore to PRPC: and did you specify a password etc? What type of keystore is it etc (as per Aditya's questions).
Since this is a Public Certificate - you can share this with the Forum if you want - it might help us work out what is going on.
I see you have done this already (along with the JKS file itself) - I'll take a look.
I am getting the same error, peer not connected. Can you help me with this? What did you do about this?
This link was helpful: Unable to Connect to SSL Services due to PKIX Path Building Failed - Atlassian Documentation. We have tried various times in various ways; my tech manager has worked on this. After a few attempts, following the above link has resolved the issue.
I am also getting an error upon calling the pyConnectSocialNetwork activity, but the error is like below:
1. On step 3 of pyConnectSocialNetwork: Unable to open an instance using the given inputs: pxObjClass = "Data-Admin-Security-OAuth-Client-AccessToken", pyConsumerKey = "xxxxxxxxxxxxxxxxxxxx", pyUserIdentifier = "xxxx"
2. On step 5 of pyConnectSocialNetwork: com.pega.pegarules.pub.PRRuntimeException: Authorization Failed :the server responded with an HTTP 401 code, indicating an authorization problem
Please help. I am running Pega 7.2 on Tomcat 8 without any SSL encryption.