Certificate issue - javax.net.ssl.SSLHandshakeException: extension (5) should not be presented in certificate_request

Hi,   We have implemented a ‘Call REST’ step, calling a 3rd party that requries certificates. The 3rd party have 3 different versions of their API; Simple test version. (nothing is saved, response data is mocked etc., test certificate can be downloaded from 3rd partys website) More complete sandbox (works like a production version but with test data, personal certificate is issued by 3rd party) Production version. They should all have the same requirements but with different certificates and endpoints. I have successfully used the 1st version, but when i switched the certificates and endpoints in order to ‘advance’ to the sandbox i get the following exception from the ‘Call REST’ step: ‘javax.net.ssl.SSLHandshakeException: extension (5) should not be presented in certificate_request’    Error calling REST service     at MyModule.MyHTTPMicroflow(CallRest : 'Call REST (PUT)') Advanced stacktrace:     at com.mendix.integration.actions.microflow.RestCallAction.execute(RestCallAction.scala:79) Caused by: java.security.PrivilegedActionException: javax.net.ssl.SSLHandshakeException: extension (5) should not be presented in certificate_request     at com.mendix.integration.actions.microflow.RestCallAction.execute(RestCallAction.scala:79) Caused by: null     at com.mendix.integration.actions.microflow.RestCallAction.execute(RestCallAction.scala:79) Caused by: extension (5) should not be presented in certificate_request     at com.mendix.integration.actions.microflow.RestCallAction.execute(RestCallAction.scala:79)   Im fairly certain I have done nothing different apart from the certs and endpoints but can not find any good information that makes sense to me related to the exception. I found some threads on other forums discussing TLS 1.3 vs 1.2, but since the first version worked I figure that shouldnt be the issue. Any input would be highly appreciated, Java is not my home turf and the inner workings of Mendix even less so. If any clarifications are needed, please let me know. Many thanks in advance! EDIT: I should have mentioned Im running this app locally at the moment, standard, vanilla Mendix, no fuzz. For any Kubernetes or Java pro’s out there, the github thread linked below discusses an issue with JDK. Could it be relevant in this case, and if so, is it possible to set a ‘JDK runtime flag’ in Mendix like they suggest in their case? https://github.com/kubernetes-client/java/issues/2256  
1 answers

Hi Hugo,

I’m no expert on this but have you tried putting the suggested flag in the ‘Extra JVM parameters’ box of the app settings? (under App > Settings > Configurations > Edit Configuration > Server tab > Extra JVM Parameters)

Previously something similar helped me when I had some certificate issues, maybe that might work here.