Skip to main content
Question

API call Cloud remote SSL HANDSHAKE FAILURE workflow

  • January 5, 2026
  • 5 replies
  • 48 views
M
Sidekick (Customer)
Forum|alt.badge.img+7

Hello,

Hello, we are encountering an issue when using the REST API Task type workflow/BPA.


When we run the workflow, we get the following error on the REST call: « HTTP Connection: Delegate could not retrieve the data from the specified Auth Token endpoint. Returned status code: 500 »

 

When we disable ssl checking in postman the api call works, but when we enable the ssl checking it does not work.

 

It seems to be an issue with the self generated p12 

 However, the IFS application enforces SSL verification and relies on its own truststore, which currently does not trust the endpoint certificate. 

 


Resolution Steps suggeste by support

1. Export the certificate chain (preferably the issuing root and intermediate CA certificates) used by:
mcihpdifsl03.d29.tes.local:443 


2. Import the CA certificate(s) into the truststore used by the IFS OData pod (key.p12) associated with defaultSSLConfig.
3. Restart the ifsapp-odata pods to ensure the updated truststore is loaded.
4. Re-run the BPA workflow to validate that OAuth token retrieval and the REST call succeed.

 

How can we export the certificate chain ?

And import the CA certificates into the truststore ?

 

The bpa call is on the MT server.

5 replies

C
Do Gooder (Employee)
Forum|alt.badge.img+2
  • Chanaka Perera
  • Do Gooder (Employee)
  • January 5, 2026

Hello

 

Are you using a cloud-based or remote installation?

If you are in a cloud environment, you may be able to manually log into each pod and import the certificates. However, this is only a temporary solution, as pods automatically scale up and down.

For remote environments, you can achieve this permanently by editing the cloud values files

 

M
Sidekick (Customer)
Forum|alt.badge.img+7
  • MCIPSTEV
  • Author
  • Sidekick (Customer)
  • January 5, 2026

Helle we are using remote cloud installation

H
Hero (Employee)
Forum|alt.badge.img+11
  • hhanse
  • Hero (Employee)
  • January 7, 2026

You can import self-signed certificates to oData via the ifscloud-values.yaml these will be persisted.
https://docs.ifs.com/techdocs/25r2/070_remote_deploy/010_installing_fresh_system/200_installing_ifs_cloud/035_ifs_cloud_ifsinstaller/030_installation_parameters/#specific_certificate_for_pods

M
Sidekick (Customer)
Forum|alt.badge.img+7
  • MCIPSTEV
  • Author
  • Sidekick (Customer)
  • January 7, 2026

I followed the instructions 

I added a certificate file self generated

 


ifsappodata:
  minMemory: 1500
#  MaxRAMPercentage: "95" only when java heap issues
#  certificateFile: E:\ifsroot\config\certs\MCIHPDIFSL03.pfx
#  certificatePassword: MCIHPDIFSL03
# added https://docs.ifs.com/techdocs/25r2/070_remote_deploy/010_installing_fresh_system/200_installing_ifs_cloud/035_ifs_cloud_ifsinstaller/030_installation_parameters/#specific_certificate_for_pods
  certificates:  
    mycertfromfile: C:\remote\ifsroot\config\certs\myCert.p12
    mycertPassword: XXX

 

 

And I still have the error “SSL Error:Self signed certificate in certificate chain” when I enable Enable SSL certificate verification, wich is the default API call setting

    maheshmuz
    Hero (Partner)
    Forum|alt.badge.img+10
    • maheshmuz
    • Hero (Partner)
    • January 7, 2026

    Hi, Since you are using a self-signed certificate you are getting this error. try using a certificate signed by a trusted CA

    Terms & ConditionsCookie settingsAccessibility statement