vincezhou | 2021-01-06 04:17:33 UTC | #1
Dear Genesys Support,
Happy New Year to you and family!!
I have a training subscription. With it I got an Architect self-study lab. Within the lab, I just set up a data action and ran a test with it.
The endpoint is https://claimscenter.intg.voya.com/claimscenter/claims/reference/status. Note that this website allows requests from any internet client.
- REST call for action execute failed. Message:Unable to send message after 2 attempts, due to: SunCertPathBuilderException: unable to find valid certification path to requested target [90849c49-d688-4890-a3ad-c11ea9040351]
This is an SSL exception. Do I need to load a cert to PureCloud?
Thanks a lot!
Jason_Mathison | 2021-01-05 20:18:17 UTC | #2
Hi vincezhou,
You appear to be using an endpoint with a self-signed certificate. Attempting to connect to that endpoint from my browser returns: NET::ERR_CERT_AUTHORITY_INVALID Subject: *.intg.voyaretirementplans.com Issuer: *.intg.voyaretirementplans.com
Data Actions only work with publicly trusted endpoints. If you would like support for self-signed certificates feel free to create an idea at https://genesyscloud.ideas.aha.io/
--Jason
vincezhou | 2021-01-05 21:07:40 UTC | #3
Thank you so much for your quick response Jason!!
vincezhou | 2021-01-05 21:48:32 UTC | #5
Hi Jason,
Our website is an on-prem JSON-based web service. There are security concerns with making it a publicly trusted endpoint. If Web Services Data Action only supports publicly trusted endpoints, could you suggest a way to connect to the on-prem web services? I guess most companies still host web services on-prem. What is a common practice for Genesys Cloud to connect to on-prem websites?
Thanks, Vince
tim.smith | 2021-01-05 23:11:45 UTC | #6
This issue isn't related to the physical location of the service; this issue can happen when hosting on prem, in a data center, or using a cloud service. The issue lies with the cert the service is using. Data actions can only work with services signed using public root CAs. The ability to trust self-signed certs for data actions is not currently supported, but is something that you can submit an idea for and share your use case to assist in prioritization of new features.
The only currently available solution to your problem is to make the Data Action request to an endpoint that is signed with a public root CA that Genesys Cloud trusts. What happens after that is up to you. The most straightforward way to solve this is to purchase a cert from a public root CA, such as IdenTrust, DigiCert, etc. (that's not an endorsement, just naming a few common ones) and apply that cert to your service.
If signing your existing service with a public root CA is not possible for your company, you will need to build a proxy service that is signed by a public root CA to proxy the request. That service can make the request to your self-signed service and proxy the response back to the data action. If obtaining your own cert is an issue in and of itself, you may consider using hosting services that will issue certs to your service under their own. This is a common offering from services like AWS, Azure, Heroku, etc.
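The trust failure discussed in the replies above, reproduced offline with the openssl CLI as an added example (not part of the original posts): a self-signed certificate fails path validation against a root bundle, a certificate issued by a root in that bundle validates, and a proxy can still trust the self-signed backend by pinning its certificate explicitly. All names, keys and certificates are constructed for the demo; the demo root stands in for a public root CA.

```shell
#!/bin/sh
# Added example: every CN, key and certificate here is constructed for the demo.
set -eu
work=$(mktemp -d)   # scratch directory for the generated keys and certs

# Self-signed cert: the key signs its own certificate, so subject == issuer.
make_self_signed() {   # $1 = file prefix, $2 = CN
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}

# Leaf cert issued by an existing CA.
make_ca_signed() {     # $1 = file prefix, $2 = CN, $3 = CA file prefix
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$work/$1.key" -out "$work/$1.csr" 2>/dev/null
    openssl x509 -req -in "$work/$1.csr" -days 1 -CAcreateserial \
        -CA "$work/$3.crt" -CAkey "$work/$3.key" -out "$work/$1.crt" 2>/dev/null
}

# True when subject and issuer names are identical.
is_self_signed() {     # $1 = cert prefix
    [ "$(openssl x509 -in "$work/$1.crt" -noout -subject_hash)" = \
      "$(openssl x509 -in "$work/$1.crt" -noout -issuer_hash)" ]
}

# Path validation against exactly one trust bundle (system store excluded).
chain_trusted() {      # $1 = cert prefix, $2 = trust bundle prefix
    openssl verify -no-CApath -CAfile "$work/$2.crt" "$work/$1.crt" >/dev/null 2>&1
}

make_self_signed root "Constructed Demo Root CA"    # stand-in for a public root
make_self_signed backend "backend.example.test"     # the self-signed service
make_ca_signed proxy "proxy.example.test" root      # the proxy's CA-issued cert

for c in backend proxy; do
    if is_self_signed "$c"; then kind="self-signed"; else kind="CA-issued"; fi
    if chain_trusted "$c" root; then
        echo "$c: $kind, path builds to the trusted root"
    else
        echo "$c: $kind, no valid certification path"
    fi
done
```

The last test case (`chain_trusted backend backend`) is the check a proxy would apply on its outbound leg: it trusts only the backend's own certificate instead of turning verification off.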
Jason_Mathison | 2021-01-06 04:27:27 UTC | #7
Here is one documented workflow for accessing a private service from a Data Action:
https://help.mypurecloud.com/articles/workflow-for-data-actions-with-on-premises-solutions/
We also offer a variety of security measures to make you more comfortable with having your endpoint publicly exposed:
https://help.mypurecloud.com/articles/security-for-data-actions/
vincezhou | 2021-01-06 15:07:40 UTC | #8
Thank you so much Tim for your detailed answer.
system | 2021-02-06 15:07:42 UTC | #9
This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.
This post was migrated from the old Developer Forum.
ref: 9630