Skip to main content
S
SaranKarthick1-Visitor
1-Visitor
December 18, 2018
Solved

Disable SSL certificate verification for a REST service

  • December 18, 2018
  • 1 reply
  • 23898 views

Hi Developers,

 

I'm using GetJSON content loader function available in TWX. Its throwing the below given error:

 

“Error:JavaException: javax.net.ssl.SSLPeerUnverifiedException: Host name 'xxx.com' does not match the certificate subject provided by the peer (CN=xxx, OU=xxx, O=xxx, L=xxx, ST=xxx, C=xxx)”

 

"ignoreSSLErrors" in the params of GetJSON service also doesn't seem to affect the result.

 

I tried the same call from postman and only when I turned off the “SSL Certificate Verification” in its settings I was able to get the json output.

 

So how can i pass the insecure tag along with the REST service from Thingworx or how to turn off the SSL verification setting on the platform. Also how to pass the request body using the GetJSON service.

 

Thanks and Regards,

Saran

Best answer by rosharma

I see this issue is due to mismatch of server hostname with CN of certificate installed at local keystore file.

 

On this I went on to search over internet to find if there is a way if we can edit/change the CN of cert installed at local keystore but I think we cannot change the CN once an SSL cert is issued and hence we need to setup a new SSL cert matching the names and go through the issue/installation process again.

 

Meanwhile are you able to locate what is the exact mismatch between the names ? Below is the command to know the cert’s information – follow below 2 links that might help

keytool -list -v -keystore keystore_name

https://knowledge.digicert.com/solution/SO28992.html

https://knowledge.digicert.com/solution/SO15739.html

 

further I found this link very informative in understanding the reasons for mismatch between the hostnames/CN – see if this helps in determining the cause

https://support.desk.com/customer/en/portal/articles/984721-host-name-does-not-match-server-certificate-errors#ClosedDtmPopup

1 reply

M
MarekP.Nowaczyk15-Moonstone
15-Moonstone
December 19, 2018

Looks like similar issue was reported in JIRA TW-38279 scheduled to be fixed in ThingWorx 8.4.

 

For now to resolve your error add the server or CA certificate to Java cacerts keystore. If you are not sure how to do this you can follow instructions in this article https://www.ptc.com/en/support/article?n=CS282851

    S
    SaranKarthick1-VisitorAuthor
    1-Visitor
    December 19, 2018

    Hi @MarekP.Nowaczyk,

     

    Thanks for your reply.

     

    I'll certainly try out your fix. I hope this article is applicable for TWX 8.3 ( which is we're facing the issue) since it was mentioned that it applies to ThingWorx Platform 7.4 F000.

    .

    Regards,

    Saran

    S
    SaranKarthick1-VisitorAuthor
    1-Visitor
    December 20, 2018

    Hi @MarekP.Nowaczyk,


    I have imported the certificate into Java keystore and I validated the Thumbprint in the keystore list. Then I rebooted the server and tested the service. But the issue still persists.

     

    Is there any other reason why it could have failed?

     

    Regards,

    Saran

    Terms & ConditionsAccessibility statement