Login

Consultor Eletrônico



Kbase P26130: Make hash utility not found in dlc.
Autor   Progress Software Corporation - Progress
Acesso   Público
Publicação   10/16/2008
Status: Unverified

FACT(s) (Environment):

HP-UX 11.0 32-bit
Progress 9.1C
Progress 9.1D

SYMPTOM(s):

Make hash utility not in dlc.

CAUSE:

Has not installed Progress "Client-Side Security"

FIX:

If you are managing your own Certificate Server (for an intranet), rather than using one of the three certificate authorities - RSA, Verisign, Thawte - you will need to take additional steps before Progress 4GL client (or WebClient) will be able to establish a trust relationship with your server certificate.
1- Obtain a copy of PEM encoded certificate from your certificate server. The certificate server administration has options for getting this certificate. This step is required to make your (internal-use) Cert Server a trusted signing authority (issuer). If you do not do this step AppServer CONNECT("-URL https://...) will fail with error "Secure Socket Layer (SSL) failure. error code -54: unable to get local issuer certificate (9318).

2 - Copy that PEM file onto the machine where the Progress client will run.

3 - On the client machine, run the mkhashfile command (installed with the Progress "Client-Side Security" and "WebClient" products) specifying the PEM encoded certificate (from step 2) as the only command agrument. This creates a copy of the PEM encoded certificate file from step 2 as a hashed file name and copies it to the <install-dir>/certs directory on the client machine. Before running mkhashfile set the DLC (same as <install-dir> environment variable, see the example in $DLC/bin,mkhashfile on UNIX, or %DLC%\bin\mkhashfile.bat on Windows.

When you are connecting to a SSL enabled AppServer, an additional verification is performed by the client to ensure the server machine contains a valid certificate. The client compares the hostname specified in the 4GL AppServer CONNECT("-URL https://<hostname>/..") to the Common Name stored in the server certificate. They have to be an exact match, otherwise the client will report an error during the authentication of the Server Certificate resulting in the message: "Secure Socket Layer (SSL) failure. error code -55: CONNECT HostName: (<host-name>) does not match Certificate: (<commonName>) (9318)".
The "Common Name" as stored in the server certificate should be the hostname of the web server machine.