‎10-12-2016 02:52 PM
GOAL
Prototype building a REST Message (GET) against our application hosted by the Amazon API Gateway.
ISSUE
I am getting HTTP status 500 when attempting a connection to my RESTful API; it appears to be related to "WARNING *** WARNING *** javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure"
HELP
Am I not configuring my Protocol Profile correctly for use with an HTTPS endpoint? Is it a bug?
Am I forgetting to set some other system parameter?
Any guidance regarding better troubleshooting or resolution of this error would be greatly appreciated. I assume I am not the first person to develop against the Amazon API Gateway, and I hope this does not require a MID server as a workaround due to the use of HTTPS.
ENVIRONMENT
I am logged into a GENEVA developer instance.
I have configured the System Web Services -> Outbound -> REST Message
Authentication: None
HTTP Header: x-api-key: string
HTTP Header: Cache-Control: no-cache
Method: get
Endpoint: https://xxxx.execute-api.us-west2.amazonaws.com/test/apiname
I imported the Amazon SSL certificate (and chain) associated with Amazon API Gateway
System Definition -> Certificates -> "New"
I attempted to create an HTTPS Protocol Profile for our Endpoint
System Security -> Protocol Profiles -> "New"
Protocol: https
Default port: 443
Keystore: Endpoint_SSL_PublicKey
// However, it complains the SSL public key is not a valid cert store and returns Invalid Insert - even though "Validate Stores/Certificates" returns "Valid trust_store"
DEBUGGING STEPS
ServiceNow KB: REST API FAQs (KB0535048)
- glide.basicauth.required.api is set to FALSE
//I set this because we are not using basic auth, in addition to leaving "Authentication: None"
- glide.outbound.sslv3.disabled is set to TRUE
//I set this because I want to force TLS
http://wiki.servicenow.com/index.php?title=REST_API
- glide.rest.debug is set to TRUE
Note: glide.rest.debug is set with scope of my app, not global - which was unexpected, not sure how to set that global
https://community.servicenow.com/thread/175996
- glide.outbound.sslv3.disabled is set to TRUE
FYI: Finding the log with REST DEBUG data was confusing… but it is here:
System Logs -> Utilities -> Node Log File Browser
Then I look at logs around 1 min before and 1 min after I run the REST test; I also find data this way…
System Logs -> Utilities -> Node Log File Browser -> Message = "sys_rest_message_fn.do"
BACKGROUND
Our API is hosted via the Amazon AWS API Gateway
The API does not require authentication
The API service only supports HTTPS
The API service supports the following protocols and cipher suites per an SSL Scan:

| Protocol | Supported |
|---|---|
| TLS 1.2 | Yes |
| TLS 1.1 | Yes |
| TLS 1.0 | Yes |
| SSL 3 | No |
| SSL 2 | No |

Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites at the end):

| Cipher Suite | Key bits |
|---|---|
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | 128 |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | 128 |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | 128 |
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | 256 |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | 256 |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | 256 |
| TLS_RSA_WITH_AES_128_GCM_SHA256 | 128 |
| TLS_RSA_WITH_AES_256_GCM_SHA384 | 256 |
| TLS_RSA_WITH_AES_128_CBC_SHA256 | 128 |
| TLS_RSA_WITH_AES_256_CBC_SHA | 256 |
| TLS_RSA_WITH_AES_128_CBC_SHA | 128 |
| TLS_RSA_WITH_3DES_EDE_CBC_SHA | 112 |
RELEVANT LINKS
http://wiki.servicenow.com/index.php?title=Outbound_Web_Services_Mutual_Authentication
https://www.ssllabs.com/ssltest/analyze.html?d=YOUR URL <- to identify SSL/TLS Protocols and Cipher Suites
https://aws.amazon.com/api-gateway/faqs/
‎10-27-2016 09:26 AM
I ran into this issue about a month ago as well. Customer Support told me that ServiceNow needs a dedicated IP and Certificate on AWS because of a lack of SNI support. I haven't gotten around to implementing a dedicated IP, so not sure that it fixes the issue completely.

‎10-20-2016 09:45 AM

‎10-20-2016 09:50 AM

‎10-20-2016 09:53 AM
Thank you for taking a look ctomasi!!

‎10-20-2016 10:40 AM
Same from me.