'Session contains no certificates - Untrusted' error on sending REST message via MID server

Go to solution
railroadmanuk
Giga Contributor

‎03-29-2021 01:10 AM

I am testing our scoped application on Quebec and whenever I try to send a RESTMessagev2 via a MID server I am seeing the following error:

WARNING *** WARNING *** Request not sent to uri= https://192.168.1.1/api/v1/cluster/me : org.apache.commons.httpclient.HttpException: Session contains no certificates - Untrusted

This worked perfectly on all releases up till Quebec but now seems to have stopped working entirely.

Have tried tweaking below System Properties without success:

com.glide.communications.trustmanager_trust_all
com.glide.communications.httpclient.verify_hostname

As well as adding below to wrapper-override.conf on my MID server but not seeing any change:

Djsse.enableSNIExtension=false

Also tried pulling the CER file for the endpoint and adding it to my JRE keystore on the MID server but again this made no difference. Has anyone hit this and have a suggested way forward?

 

Many thanks

Tim

Labels:
0 Helpfuls
  • 27,805 Views
1 ACCEPTED SOLUTION

Go to solution
railroadmanuk
Giga Contributor

‎04-06-2021 06:13 AM

The support team pointed me to this KB:

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0864766

This document is also useful (actually way more useful and less misleading IMO):

https://docs.servicenow.com/bundle/quebec-servicenow-platform/page/product/mid-server/concept/mid-security-checks.html

tldr is that that I went to MID Security Policy in the SNOW UI, and disable cert checking for the Intranet zone

find_real_file.png

View solution in original post

Preview file
41 KB
6 REPLIES 6

Go to solution
mshetty794
Kilo Contributor

‎03-29-2021 11:23 PM

I am also finding the same issue, do let me know if you have found solution to this problem

0 Helpfuls

Go to solution
Igor Almeida1
Giga Contributor

‎03-31-2021 06:55 AM

I'm with the same issue... Someone solved this?

0 Helpfuls

Go to solution
railroadmanuk
Giga Contributor

‎04-06-2021 06:13 AM

The support team pointed me to this KB:

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0864766

This document is also useful (actually way more useful and less misleading IMO):

https://docs.servicenow.com/bundle/quebec-servicenow-platform/page/product/mid-server/concept/mid-security-checks.html

tldr is that that I went to MID Security Policy in the SNOW UI, and disable cert checking for the Intranet zone

find_real_file.png

Preview file
41 KB

Go to solution
Lorenzo Persich
ServiceNow Employee
ServiceNow Employee

‎08-09-2022 01:59 AM

If you do not want to disable the Certificate Chain Check for the whole intranet, you can either:

  • Add an overriden security policy for specific for your end-point (see here)
  • do some troubleshooting to find the missing certificate in the MID server cacerts. Have a look at this KB to get more details.
0 Helpfuls