- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-12-2019 08:00 AM
I have a service that returns a JSON blob over HTTPS. It works perfectly well if I hit it with my browser; it works perfectly well if I hit it from Postman. The server's using a "real" cert from Comodo that's officially trusted to secure the conversation, so there are no warnings or anything.
But...when I try to hit it from a ServiceNow REST message, using the test feature, I get this error message:
org.apache.commons.httpclient.HttpException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
Is there something I need to do to tell ServiceNow "It's okay, this service is legit and you can trust it?" I've scoured the documentation and forums and found some related information, but none of it seems to apply to this particular problem. There are discussions about OAuth and MID servers and etc. I don't think any of that should be necessary, but I'm fairly new to ServiceNow.
Thanks in advance.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-12-2019 03:45 PM
Bah. I figured it out. The problem had nothing to do with ServiceNow - the problem was my poorly-configured Node.js service. I had this:
var servers = https.createServer({
key: fs.readFileSync('/path/to/Certs/domain_net.key.txt'),
cert: fs.readFileSync('/path/to/Certs/domain_net.crt'),
}, app)
.listen(3001, function () {
// todo: something useful
})
where I needed this:
var servers = https.createServer({
key: fs.readFileSync('/path/to/Certs/domain_net.key.txt'),
cert: fs.readFileSync('/path/to/Certs/domain_net.crt'),
ca: fs.readFileSync('/path/to/Certs/domain_net.ca-bundle')
}, app)
.listen(3001, function () {
// todo: something useful
})
Note the addition of the "ca" line.
Sorry for the forum noise.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-12-2019 08:08 AM
kindly have a look on system property com.glide.communications.trustmanager_trust_all and set it to false. then try , if it's working or not.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-12-2019 10:05 AM
Thanks for the response, but I don't think that's it. This property controls whether ServiceNow trusts self-signed certificates.
- false - do not trust self-signed certificates
- true - trust self-signed certificates
False is the default. I set it to true just to see if that would do anything, but the behavior is the same.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-12-2019 10:16 AM
Have you uploaded the certificate to your instance. Refer the documentation below for more details.
Regards,
Rajesh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-12-2019 03:16 PM
Well, that gives me a different result, which is at least something. Now it says
org.apache.commons.httpclient.HttpException: No issuer certificate found for <domain>
It's down to SSL Certificate Verification. If I turn that on in Postman, I get the same result. I can fix it in Postman by uploading my "CA bundle" which is the authentication chain, but I haven't found any way to get that to work in ServiceNow. It just stubbornly says "No issuer certificate found" over and over.
