When attempting to execute a REST call from an Automic IG REST Job to a ServiceNow (SNOW) endpoint through a MuleSoft intermediary, the job fails.

Error Message in Agent Log: ERROR: Response error code: 400 (Response family: CLIENT_ERROR), Exception: 400 No required SSL certificate was sent: Bad Request

• Automic IG REST agent: Any version
• MuleSoft used as an API gateway/intermediary
• Mutual TLS (mTLS) or client certificate authentication required by the endpoint

The current Automic REST agent (IG.REST and RA.REST) does not natively support SSL client certificate presentation (keypair authentication). While the agent's Web Service tab allows defining a keystore to trust server-side certificates (server validation), it does not have the built-in functionality to present its own certificate to the endpoint for mutual authentication.

This behavior is a known product limitation. A Request for Enhancement (RFE) has been filed to add native keypair authentication to the REST agent. In the interim, use one of the following workarounds:

Workaround 1: Native OS Job using curl

Execute the request via a standard OS job using the curl utility, which supports client certificate flags.

Example Syntax: curl --key path/to/client.key --cert path/to/client.crt -v https://[mulesoft_endpoint]

Note: Ensure the certificate and key are in a format compatible with curl (e.g., PEM). If using a .pfx/P12 file, use the following syntax: curl --cert-type P12 --cert E\:\certs\mycert.pfx:[password] https://[endpoint] (Note the escaped colon \: if using Windows paths). 

Workaround 2: Windows PowerShell Job

Create a Windows job that utilizes PowerShell’s Invoke-RestMethod or Invoke-WebRequest with the -Certificate parameter to handle the mTLS handshake.

See the following for the Enhancement request process for Broadcom's AOD Division