Kbase P19400: WebClient can not connect to web server.
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
5/29/2003 |
|
Status: Unverified
SYMPTOM(s):
WebClient can not connect to web server.
SSL certificate common name does not match the server name in the URL.
"Secure Socket Layer (SSL) failure. error code -55: CONNECT HostName: (<hostName>) does not match Certificate: (<commonName>) (9318)".
CHANGE:
Upgraded the Verisign certificate on the web server.
CAUSE:
The hostname specified in the AppServer connect statement does not match the "common name" on the web server certificate.
FIX:
When you are connecting a WebClient application to a web server using SSL, an additional verification is performed by the client to ensure the server machine
contains a valid certificate. The client compares the hostname specified
in the 4GL AppServer CONNECT("-URL https://<hostname>/...") to the Common
Name stored in the server certificate. They have to be an exact match,
otherwise the client will report an error during the authentication of the
Server Certificate resulting in the message: "Secure Socket Layer (SSL)
failure. error code -55: CONNECT HostName: (<hostName>) does not match
Certificate: (<commonName>) (9318)".
The "Common Name" as stored in the server certificate should be the hostname of the web server machine.
You can override this additional verification by setting the "-nohostverify"
option on the AppServer CONNECT statement.
For example:
CONNECT("-URL https://<hostname>/... -nohostverify").