PeopleSoft and 3rd Party URL's Certificate


PeopleSoft Database needs to contain the 3rd party URL's root certificate and intermediate certificate (if one exists).  Here are the steps to obtain 3rd party URL's root certificate and import into PeopleSoft database. ( Related to Application Server/ Process Scheduler Server)

Note: if you looking for SSL with PeopleSoft Web Server, Read PeopleSoft Weblogic SSL Certificate Insight Article

There are many Certificate Authorities and PeopleTools only includes a small handful of sample Root CAs. You are responsible to load own Root CA to this page from Step 10. If it does not already exist as delivered data.



Error 1

Processes submitted to the Process Scheduler go to success. However when they are handed off to the Distribution Server, there is an error

"SSLHandshakeException" "Untrusted Server Certificate Chain" during the Posting process and the processes go to Distribution Status = Not Posted.
-----------------------
Java exception thrown: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Untrusted Server Certificate Chain


Error 2

Integration Gateway - External System Contact Error (158,10721)

Integration Gateway was not able to contact the external system. The network location specified may be incorrect, or the site is permanently or temporarily down.

Steps to Resolve

Log onto the URL for pagelet/ Report Node( Where you getting problem) URL

2) Click on the digital certificate padlock icon in Internet Explorer
3) Click on Certification Path tab and highlight the Certificate Authority
4) click on View
Certificate > Details
5) Scroll to Public Key
6) Highlight the entire key visible in the box
7) Copy to File
8) Select Base-64 encoded
9) Name the file *.pem
10) Navigate to
PeopleTools > Security > Security Objects > Digital Certificates
11) Click the + sign to add new record where Type = Root CA
12) Give the formal name from the padlock display of certificate > Subject field > CN= (use the complete designated formal name of the certificate authority). Tab to the next Alias field and it will be populated automatically.
13) Open the previously saved *.pem file in Notepad and copy the entire text into the Detail field of the new Root CA. Include all characters but no carriage return at the end.

If an Intermediate Certificate is also used with the Root CA, then the Intermediate Certificate Public Key must be loaded along with the Root CA entry. Here are the necessary steps:

STEPS - when there is an Intermediate Certificate

1) Follow the steps above for the Root Certificate Authority.

2) Repeat steps 1-9 above, this time highlighting the Intermediate Certificate in the Certification Path tab mentioned in step 3, to create a base-64 exported key file for the Intermediate Certificate.

3) Create one Root CA record with BOTH the Intermediate Certificate Public Key and the Root CA Public Key as follows. The Intermediate Certificate Public Key must be on TOP (Note: you may have to delete any existing record for the same Root CA and create a brand new record with the combined Public Keys)

-----BEGIN CERTIFICATE-----
HJkjshdkj65lDJLHYDlhllhlyhihslasdsds <-- Contents of Intermediate Certificate
etc etc
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
KJGYTH679679khgkgadfjkh%7GGKiss <-- Contents of Root Certificate
etc etc
-----END CERTIFICATE-----

4) After you enter the Intermediate Certificate Public Key and the Root CA Public Key, verify it is not a duplicate as follows:
i. Click the 'Detail' button next to the new entry
ii. Make note of the Validity period and Serial#
iii. Verify there are no other entries with the same validity period and serial#
iv. If you find a duplicate entry, delete it (first make sure no certificate is using the entry)

5) Bring down appserver/webserver, clear appserver/webserver cache, and bring up appserver/webserver.  This is required step for PeopleSoft to recognize 3rd party webserver's certificates.