Web Services are becoming more secure. When TLS 1.1 or 1.2 is required by the web service that is being called, an exception is thrown if ServiceNow is using the default SSLv3 or TLS 1.0. When creating or testing an Outbound SOAP or REST Message, a message indicating that the WSDL is unable to load. 


Symptoms include:

  • Outbound web service calls fail: java.lang.RuntimeException: Could not generate DH keypair
  • Searching for the Java version in the page / will show lines like the following, depending on the instance version:
    < type="info">1.6.0_xx</>
    < type="info">1.8.0_152-snc2</>


The loaded Java version (i.e. 1.6 or 1.8) does not allow for TLS 1.1 or 1.2.

For example, on the latest Jakarta patch the expected Java version should be:

< type="info">1.8.0_161-snc1</>



ServiceNow Customer Support can upgrade the Java version of your instance. Open a case with Technical Support. Include the exact error message you received and your Java version (obtained from 

After the case has been received and reviewed, a Change record is created and can be processed at the time of your choice.

Alert iconWarning: The instance is not taken down to implement the change, however, each node in the instance requires a restart. Any users currently logged into the node must re-authenticate, so it is best to schedule the change during a low use time period.

Article Information

Last Updated:2020-02-20 03:10:26