'Session contains no certificates - Untrusted' error on sending REST message via MID server

railroadmanuk
Giga Contributor

I am testing our scoped application on Quebec and whenever I try to send a RESTMessagev2 via a MID server I am seeing the following error:

WARNING *** WARNING *** Request not sent to uri= https://192.168.1.1/api/v1/cluster/me : org.apache.commons.httpclient.HttpException: Session contains no certificates - Untrusted

This worked perfectly on all releases up till Quebec but now seems to have stopped working entirely.

Have tried tweaking below System Properties without success:

com.glide.communications.trustmanager_trust_all
com.glide.communications.httpclient.verify_hostname

As well as adding below to wrapper-override.conf on my MID server but not seeing any change:

Djsse.enableSNIExtension=false

Also tried pulling the CER file for the endpoint and adding it to my JRE keystore on the MID server but again this made no difference. Has anyone hit this and have a suggested way forward?

 

Many thanks

Tim

1 ACCEPTED SOLUTION

railroadmanuk
Giga Contributor

The support team pointed me to this KB:

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0864766

This document is also useful (actually way more useful and less misleading IMO):

https://docs.servicenow.com/bundle/quebec-servicenow-platform/page/product/mid-server/concept/mid-security-checks.html

tldr is that that I went to MID Security Policy in the SNOW UI, and disable cert checking for the Intranet zone

find_real_file.png

View solution in original post

5 REPLIES 5

mshetty794
Kilo Contributor

I am also finding the same issue, do let me know if you have found solution to this problem

Igor Almeida1
Giga Contributor

I'm with the same issue... Someone solved this?

railroadmanuk
Giga Contributor

The support team pointed me to this KB:

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0864766

This document is also useful (actually way more useful and less misleading IMO):

https://docs.servicenow.com/bundle/quebec-servicenow-platform/page/product/mid-server/concept/mid-security-checks.html

tldr is that that I went to MID Security Policy in the SNOW UI, and disable cert checking for the Intranet zone

find_real_file.png

Lorenzo Persich
ServiceNow Employee
ServiceNow Employee

If you do not want to disable the Certificate Chain Check for the whole intranet, you can either:

  • Add an overriden security policy for specific for your end-point (see here)
  • do some troubleshooting to find the missing certificate in the MID server cacerts. Have a look at this KB to get more details.