KB-1270 "HTTP/1.1 403 Forbidden" thrown when attempting to run the HTTP Query smart service

Nick Vigilante — Tue, 07 Mar 2017 15:30:32 GMT

Current Revision posted to Appian Knowledge Base by Nick Vigilante on 3/7/2017 3:30:32 PM

Symptoms

When using the HTTP Query node in a process model, the node fails and the following error is shown in the application server log:

INFO  [stdout] (Appian Work Item - 39 - ProcessExec01 : UnattendedJavaActivityRequest) 2016-09-16 14:33:22,586 [Appian Work Item - 39 - ProcessExec01 : UnattendedJavaActivityRequest] ERROR com.appian.integration.httpclient.function.HttpFunction - ConnectorRuntimeException [title=HTTP error connecting to https://<url>, com.appian.integration.core.exception.ConnectorRuntimeException: HTTP/1.1 403 Forbidden]

During the client key exchange, the certificate length is 0. Opening the packet capture in Wireshark shows the following:

Client Key Exchange > Handshake Protocol: Certificate > Certificate Length=0

Cause

Appian is unable to find a certificate from the Admin Console that satisfies the customer's list of trusted certificate authorities.

Action

To resolve the issue:

Upload a valid client certificate to the Admin Console
Add the client certificate to the server's list of trusted certificate authorities

To determine the list of certificate authorities the server is expecting:

Generate a packet capture by running the following:
```
sudo tcpdump -n -i eth0:0 port 443 -w <pcap file name>.pcap
```
If this is regarding a cloud site, please contact Appian Technical Support for generating the packet capture.

Open the packet capture in Wireshark:

Certificate Request, Server Hello Done > Secure Sockets Layer > Handshake Protocol: Certificate Request > Distinguished Names

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: March 2017

Tags: web services, application design