"[ERROR CODE: -1] Session contains no certificates - Untrusted" When Fetching OAuth Token - Support and Troubleshooting

"[ERROR CODE: -1] Session contains no certificates - Untrusted" When Fetching OAuth Token Issue: When attempting to fetch an OAuth token from an external system (e.g., SAP CI), the following error is observed in the outbound HTTP logs:

[ERROR CODE: -1] Session contains no certificates - Untrusted

Root Cause: This error typically occurs when the ServiceNow instance is unable to attach the correct certificate to the outbound request due to:

A missing or improperly configured certificate A PEM file issue Incorrect certificate binding in the OAuth profile or credential alias Steps to Identify the Problematic Certificate: Go to System Logs > Outbound HTTP Logs Search for logs with the error [ERROR CODE: -1] Session contains no certificates - Untrusted Note the Sys ID of the outbound log entry Use the Sys ID to open the complete transaction log Look for the TxID in the logs (e.g., txid=XXXXXXXXX ) Search the System Logs for that TxID 13:40:51.845 Error Default-thread-248 txid=XXXXXXXXX SEVERE *** ERROR *** Unable to load certificate SNow/SF - CoC attestation via SAP CI, pem

Resolution: Locate the Certificate:

Go to System Definition > Certificates Search for the certificate name shown in the logs (e.g., SNow/SF - CoC attestation via SAP CI )

Validate PEM Configuration:

Open the certificate record

Check the PEM certificate content for:

Proper formatting No leading/trailing spaces or characters Valid expiration dates Re-upload the corrected PEM if needed Save the record Verify Credential Configuration:

Go to the Connection & Credential Alias or OAuth Entity Profile being used to fetch the token Ensure that:

The correct certificate is referenced The OAuth profile is correctly configured Retry Token Fetch:

Once the above corrections are made, retry the OAuth token fetch. The request should now succeed and bypass the [ERROR CODE: -1] issue.

Additional Notes: Always verify that the certificate chain is complete (includes intermediate and root certs). Ensure the correct credential alias and OAuth provider profile are being referenced in the integration setup. Outcome: After correcting the PEM certificate and ensuring it's properly bound in the credential configuration, the OAuth token is successfully fetched and the outbound HTTP request is executed without errors