REST outbound with HTTPS

evyatar · ‎01-07-2018

Hi,

Is this possible to make request to external service using self-signed certificate?

Because I'm using my Webservice with HTTP its work and with HTTPS it isn't worked.

How can I fix it?

Thanks./

jarodm · ‎01-07-2018

Quick cut/paste from my notes here. Hope it can get you moving down the right path.

Example error messages...

[Jakarta] "javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated"

[Istanbul] Error:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Workarounds...

[Istanbul / Kingston]

System Definition > Certificates

Attach copy of self-signed cert (.cer) as DER/Trust Store Cert

[Jakarta]

If Error:org.apache.commons.httpclient.HttpException: SSLPeerUnverifiedException

Set sys_properties 'com.glide.communications.httpclient.verify_hostname' = false (in sub-PROD only!)

Jarod

GianluNow · ‎12-04-2019

Hi Jarod,

i've the same problem on NewYork but I'can't find 'com.glide.communications.httpclient.verify_hostname properties.

Do you know another way to solve this problem?

Thanks.

Dante · ‎01-10-2020

Hey Gianul,

In ServiceNow sometimes you won't see a property on the sys properties list but that property is still in effect using a "default" value. In the case where you want to override that property, you have to create a new property with that name and then set the desired override value. Usually this is only done with sensitive properties. Since this one could have an impact on instance security, it's probably hidden by default.

So, create a sys property with the name com.glide.communications.httpclient.verify_hostname and set it to false. You can see in the ServiceNow docs that the property still exists in the New York release.

https://docs.servicenow.com/bundle/newyork-platform-administration/page/administer/security/concept/...