Can't get a REST message to connect to HTTPS

Mike Waldron
Mega Contributor

I have a service that returns a JSON blob over HTTPS. It works perfectly well if I hit it with my browser; it works perfectly well if I hit it from Postman. The server's using a "real" cert from Comodo that's officially trusted to secure the conversation, so there are no warnings or anything.

But...when I try to hit it from a ServiceNow REST message, using the test feature, I get this error message:

org.apache.commons.httpclient.HttpException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

Is there something I need to do to tell ServiceNow "It's okay, this service is legit and you can trust it?" I've scoured the documentation and forums and found some related information, but none of it seems to apply to this particular problem. There are discussions about OAuth and MID servers and etc. I don't think any of that should be necessary, but I'm fairly new to ServiceNow.

Thanks in advance.

1 ACCEPTED SOLUTION

Mike Waldron
Mega Contributor

Bah. I figured it out. The problem had nothing to do with ServiceNow - the problem was my poorly-configured Node.js service. I had this:

var servers = https.createServer({
key: fs.readFileSync('/path/to/Certs/domain_net.key.txt'),
cert: fs.readFileSync('/path/to/Certs/domain_net.crt'),
}, app)
.listen(3001, function () {
// todo: something useful
})

where I needed this:

var servers = https.createServer({
key: fs.readFileSync('/path/to/Certs/domain_net.key.txt'),
cert: fs.readFileSync('/path/to/Certs/domain_net.crt'),
ca: fs.readFileSync('/path/to/Certs/domain_net.ca-bundle')
}, app)
.listen(3001, function () {
// todo: something useful
})

Note the addition of the "ca" line.

Sorry for the forum noise.

View solution in original post

6 REPLIES 6

Harsh Vardhan
Giga Patron

kindly have a look on system property com.glide.communications.trustmanager_trust_all and set it to false. then try , if it's working or not. 

 

https://docs.servicenow.com/bundle/geneva-servicenow-platform/page/administer/general/concept/c_Cert...

Thanks for the response, but I don't think that's it. This property controls whether ServiceNow trusts self-signed certificates.

  1. false - do not trust self-signed certificates
  2. true - trust self-signed certificates

False is the default. I set it to true just to see if that would do anything, but the behavior is the same.

Rajesh Kannan G
ServiceNow Employee
ServiceNow Employee

Well, that gives me a different result, which is at least something. Now it says

org.apache.commons.httpclient.HttpException: No issuer certificate found for <domain>

It's down to SSL Certificate Verification. If I turn that on in Postman, I get the same result. I can fix it in Postman by uploading my "CA bundle" which is the authentication chain, but I haven't found any way to get that to work in ServiceNow. It just stubbornly says "No issuer certificate found" over and over.