Troubleshooting

Here’s what you can do when you see these errors.

HTTPS Hostname Wrong

To resolve the error logged as Integration Gateway - External System Contact Error (158,10721), update your gateway configuration. See Configuring the Integration Broker, “Configuring the Gateway.”

Untrusted Server Certificate Chain

To resolve this issue, you must upload the DFE API root certificate to your web server keystore.

Note:

These steps assume you’re using Firefox as your browser. If you use another browser, you may have to determine the corresponding steps.

  1. On your browser, enter the REST base URL in the address field, then press Enter.

    This is the same URL you used in “Updating the REST Base URL.”

  2. In the URL field where you entered the REST base URL, click the lock icon. This icon is located on the left of the URL.

  3. In Connection, click the arrow to show connection details.

  4. Click More Information.

  5. From the window that appears, click View Certificate.

    The Certificate Viewer appears.

  6. Click Details.

  7. In Certificate Hierarchy, select the topmost certificate: GlobalSign Root CA - R3.

  8. Click Export, then save the certificate to a place in your hard drive.

    If necessary, save the certificate as GlobalSign Root CA - R3.crt.

  9. Using an FTP client, upload the certificate to your web server keystore folder. This is the path: /opt/oracle/psft/pt/cfghome/webserv/peoplesoft/piaconfig/keystore.

  10. Using PuTTY, import the certificate to your keystore folder. Enter this on the command line:

    keytool -import -v -alias "GlobalSignRootCA-R3" -keystore /opt/oracle/psft/pt/cfghome/webserv/peoplesoft/piaconfig/keystore/pskey -storepass Passw0rd -file /opt/oracle/psft/pt/cfghome/webserv/peoplesoft/piaconfig/keystore/GlobalSignRootCA-R3.crt -trustcacerts

  11. If the certificate already exists and you’re asked if you still want to add it or whether you trust this certificate, answer Yes.

    You should see this message: Certificate was added to keystore.

  12. Bounce the web server, application server, and process server.

  13. Log in to PIA, then go to PeopleTools, and then Security, and then Security Objects, and then Digital Certificats.

  14. Add a new row:

    • Type: RootCA

    • Alias: GlobalSignRootCA-R3

      This is the alias you used when you imported the certificate to your keystore folder.

  15. Click Add Root.

  16. Using a text editor, open the certificate you saved (step 8) and copy the entire content of the file.

  17. On the Add Root Certificate page, paste the certificate content in the text box.

  18. Click OK.

  19. Bounce the web server, application server, and process server.

  20. Test your connection to the API. See Configuring the Integration Broker, “Testing Your Connection.”