KB-1270 "HTTP/1.1 403 Forbidden" thrown when attempting to run the HTTP Query smart service


When using the HTTP Query node in a process model, the node fails and the following error is shown in the application server log:

INFO  [stdout] (Appian Work Item - 39 - ProcessExec01 : UnattendedJavaActivityRequest) 2016-09-16 14:33:22,586 [Appian Work Item - 39 - ProcessExec01 : UnattendedJavaActivityRequest] ERROR com.appian.integration.httpclient.function.HttpFunction - ConnectorRuntimeException [title=HTTP error connecting to https://<url>, com.appian.integration.core.exception.ConnectorRuntimeException: HTTP/1.1 403 Forbidden]

During the client key exchange, the certificate length is 0. Opening the packet capture in Wireshark shows the following:

Client Key Exchange > Handshake Protocol: Certificate > Certificate Length=0


Appian is unable to find a certificate from the Admin Console that satisfies the customer's list of trusted certificate authorities.


To resolve the issue:

  1. Upload a valid client certificate to the Admin Console
  2. Add the client certificate to the server's list of trusted certificate authorities

To determine the list of certificate authorities the server is expecting:

  1. Generate a packet capture by running the following:
    sudo tcpdump -n -i eth0:0 port 443 -w <pcap file name>.pcap
    If this is regarding a cloud site, please contact Appian Technical Support for generating the packet capture.
  2. Open the packet capture in Wireshark:
    Certificate Request, Server Hello Done > Secure Sockets Layer > Handshake Protocol: Certificate Request > Distinguished Names

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: March 2017