Requests get denied due to cwe-api.mitre.org configuration #5
Description
We are trying to have the API working using ServiceNow to get some data.
Using tools like PostMan we are successful, but inside ServiceNow we are getting errors on our requests such as:
CONNECTED(00000005)depth=0 C = US, ST = Massachusetts, O = The Mitre Corporation, CN = cwe-api.mitre.orgverify error:num=20:unable to get local issuer certificateverify return:1depth=0 C = US, ST = Massachusetts, O = The Mitre Corporation, CN = cwe-api.mitre.orgverify error:num=21:unable to verify the first certificateverify return:1
No URIs provided, removing all URI matcher rulesRequest not sent to uri= https://cwe-api.mitre.org/api/v1/cwe/weakness/23 : org.apache.commons.httpclient.HttpException: No issuer certificate found for cwe-api.mitre.org: No issuer certificate found for cwe-api.mitre.orgNo URIs provided, removing all URI matcher rules
We have setup correctly the certificate and also contacted ServiceNow in case there is specific requirement, but there was no more configurations required to get it working. The issue seems to be related to the cwe-api.mitre.org.
It seems the endpoint is not presenting a complete SSL certificate chain. While tools like Postman may work (due to using the local trust store), the ServiceNow platform performs strict SSL validation and requires the full certificate chain—including intermediate and root certificates—to be served by the remote site.
Is it possible for cwe-api.mitre.org to be configured to ensure the SSL configuration is updated to include all necessary certificates in the chain.