I have IT PAM 4.31 and I am having an issue making a REST GET to a URL that has a self-signed cert.
I can do this in Python without issue.
I can do it in PowerShell if I switch off cert validation.
I can do it in SoapUI if I use preemptive authentication.
When I try to use the OOB REST operator it fails with "Peer not authenticated". I have tried HTTP authentication and preemptive authentication, and Validate SSL Cert set to blank or false.
I have used the same operator to access other REST targets without issue.
I have tried to send the authentication as part of the URL or as parameters in the operator.
I think the issue is that the target has a self-signed cert. I just don't know how to get around the issue.
I have pasted the log with the error.
Thanks.
2020-01-13 10:07:48,689 INFO [com.optinuity.c2o.servicegroup.netutils.HttpGenericOperationsWrapper] [68-9617704cfc3c] Created UsernamePasswordCredentials for non-NTLM login, user: admin
2020-01-13 10:07:48,689 INFO [com.optinuity.c2o.servicegroup.netutils.HttpGenericOperationsWrapper] [68-9617704cfc3c] HTTP request constructed URI: https://30.22.16.21/api/v1/cluster/me
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] 1feec674-24a6-4858-9868-9617704cfc3c, setSoTimeout(0) called
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] %% No cached client session
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] *** ClientHello, TLSv1.2
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] RandomCookie:
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] GMT: 1578865876
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Session ID:
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] {}
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Compression Methods: {
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] 0
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] }
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Extension ec_point_formats, formats: [uncompressed]
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] ***
2020-01-13 10:07:48,689 INFO [STDOUT] [68-9617704cfc3c] 1feec674-24a6-4858-9868-9617704cfc3c, WRITE: TLSv1.2 Handshake, length = 193
2020-01-13 10:07:48,705 INFO [STDOUT] [68-9617704cfc3c] 1feec674-24a6-4858-9868-9617704cfc3c, handling exception: java.net.SocketException: Connection reset
2020-01-13 10:07:48,705 INFO [STDOUT] [68-9617704cfc3c] 1feec674-24a6-4858-9868-9617704cfc3c
2020-01-13 10:07:48,705 INFO [STDOUT] [68-9617704cfc3c] , SEND TLSv1.2 ALERT:
2020-01-13 10:07:48,705 INFO [STDOUT] [68-9617704cfc3c] fatal,
2020-01-13 10:07:48,705 INFO [STDOUT] [68-9617704cfc3c] description = unexpected_message
2020-01-13 10:07:48,705 INFO [STDOUT] [68-9617704cfc3c] 1feec674-24a6-4858-9868-9617704cfc3c, WRITE: TLSv1.2 Alert, length = 2
2020-01-13 10:07:48,705 INFO [STDOUT] [68-9617704cfc3c] 1feec674-24a6-4858-9868-9617704cfc3c, Exception sending alert: java.net.SocketException: Connection reset by peer: socket write error
2020-01-13 10:07:48,705 INFO [STDOUT] [68-9617704cfc3c] 1feec674-24a6-4858-9868-9617704cfc3c, called closeSocket()
2020-01-13 10:07:48,705 INFO [STDOUT] [68-9617704cfc3c] 1feec674-24a6-4858-9868-9617704cfc3c, IOException in getSession(): java.net.SocketException: Connection reset
2020-01-13 10:07:48,705 INFO [STDOUT] [68-9617704cfc3c] 1feec674-24a6-4858-9868-9617704cfc3c, called close()
2020-01-13 10:07:48,705 INFO [STDOUT] [68-9617704cfc3c] 1feec674-24a6-4858-9868-9617704cfc3c, called closeInternal(true)
2020-01-13 10:07:48,705 INFO [STDOUT] [68-9617704cfc3c] 1feec674-24a6-4858-9868-9617704cfc3c, called close()
2020-01-13 10:07:48,705 INFO [STDOUT] [68-9617704cfc3c] 1feec674-24a6-4858-9868-9617704cfc3c, called closeInternal(true)
2020-01-13 10:07:48,705 ERROR [com.optinuity.c2o.servicegroup.netutils.HttpGenericOperationsWrapper] [68-9617704cfc3c] IO Error or connection aborted while executing request or processing HTTP response.
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:645)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:1066)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:1044)
at com.optinuity.c2o.servicegroup.netutils.HttpGenericOperationsWrapper.callRequest(HttpGenericOperationsWrapper.java:675)
at com.optinuity.c2o.servicegroup.netutils.GetURLOperationRunner.getURLSvcOp(GetURLOperationRunner.java:118)
at com.optinuity.c2o.servicegroup.netutils.GetURLOperationRunner.run(GetURLOperationRunner.java:57)
at java.lang.Thread.run(Thread.java:745)
2020-01-13 10:07:48,705 INFO [com.optinuity.c2o.servicegroup.netutils.HttpGenericOperationsWrapper] [68-9617704cfc3c] Shut down the HTTP client connection manager.
2020-01-13 10:07:48,705 ERROR [com.optinuity.c2o.servicegroup.netutils.GetURLOperationRunner] [68-9617704cfc3c] Failed to run HTTPGetURLOperation
com.optinuity.c2o.util.C2OException: IO Error or connection aborted while executing request or processing HTTP response. class javax.net.ssl.SSLPeerUnverifiedException. peer not authenticated
at com.optinuity.c2o.servicegroup.netutils.HttpGenericOperationsWrapper.callRequest(HttpGenericOperationsWrapper.java:701)
at com.optinuity.c2o.servicegroup.netutils.GetURLOperationRunner.getURLSvcOp(GetURLOperationRunner.java:118)
at com.optinuity.c2o.servicegroup.netutils.GetURLOperationRunner.run(GetURLOperationRunner.java:57)
at java.lang.Thread.run(Thread.java:745)
2020-01-13 10:07:48,705 INFO [com.optinuity.c2o.config.ServerResponseManager] [68-9617704cfc3c] Delivering local response to server: 1feec674-24a6-4858-9868-9617704cfc3c
2020-01-13 10:07:48,705 INFO [com.optinuity.c2o.server.mdb.ServiceFacadeImpl] [68-9617704cfc3c] Sending Response to Queue: queue/ResponseQueue
2020-01-13 10:07:48,705 INFO [com.optinuity.c2o.server.mdb.WorkflowResponseListener] [ssion Task-7859] 13WRL # Process queue message
2020-01-13 10:07:48,705 INFO [com.optinuity.c2o.util.JMSMessagePublisher] [68-9617704cfc3c] Posted message to 30.25.132.111:1099 Time taken. 0
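
An added triage example, not part of the original post or the product: it reads a `javax.net.debug` trace like the one above and reports the last handshake message seen, so a connection dropped before the ServerHello can be told apart from a failure after the server certificate arrived. The function name, verdict strings and abridged sample lines are constructed for illustration, and the `***` markers assume the Java 7/8 debug format.

```python
import re

# Handshake markers as printed by Java 7/8 javax.net.debug output (assumed format).
STAGE_RE = re.compile(r"\*\*\* (ClientHello|ServerHello|Certificate chain|ServerHelloDone|Finished)\b")

# Constructed sample: lines abridged from the trace in the post above.
SAMPLE = """\
10:07:48,689 INFO [STDOUT] Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
10:07:48,689 INFO [STDOUT] Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
10:07:48,689 INFO [STDOUT] *** ClientHello, TLSv1.2
10:07:48,689 INFO [STDOUT] Cipher Suites: [TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
10:07:48,689 INFO [STDOUT] WRITE: TLSv1.2 Handshake, length = 193
10:07:48,705 INFO [STDOUT] handling exception: java.net.SocketException: Connection reset
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
"""

def triage(log_text):
    """Report how far a JSSE client handshake got and the first error seen."""
    reached, unavailable, offered, first_error = [], [], [], None
    for line in log_text.splitlines():
        if (m := STAGE_RE.search(line)) and m.group(1) not in reached:
            reached.append(m.group(1))
        if m := re.search(r"Ignoring unavailable cipher suite: (\S+)", line):
            unavailable.append(m.group(1))
        if m := re.search(r"Cipher Suites: \[(.*)\]", line):
            offered = [s.strip() for s in m.group(1).split(",")]
        if first_error is None and (m := re.search(r"handling exception: (.+)", line)):
            first_error = m.group(1).strip()
    if "ClientHello" not in reached:
        verdict = "no_handshake_seen"
    elif "ServerHello" not in reached:
        # Nothing came back: the server certificate was never received or checked.
        verdict = "failed_before_server_hello"
    elif "Finished" not in reached:
        # Server answered; certificate trust or key exchange is where to look.
        verdict = "failed_after_server_hello"
    else:
        verdict = "handshake_completed"
    return {
        "verdict": verdict,
        "stages": reached,
        "first_error": first_error,
        "unavailable_suites": unavailable,
        "aes256_offered": any("AES_256" in s for s in offered),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For the sample it returns `failed_before_server_hello` with `aes256_offered` false: the reset follows the ClientHello directly, so no server certificate was received in this trace.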