Kbase P126834: The OpenEdge Web Service client is unable to connect to a Web Service which is using a self-signed c
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
23/07/2008 |
|
Status: Unverified
SYMPTOM(s):
The OpenEdge Web Service client is unable to connect to a Web Service which is using a self-signed certificate
"Error code -54: self-signed certificate" when calling a Web Service
Secure socket Layer (SSL) failure. Error code -54: self-signed certificate: For <certificate hash> in <OpenEdge client certificate path> (9318).
FACT(s) (Environment):
OpenEdge 10.1A
OpenEdge 10.1B
All Supported Operating Systems
CAUSE:
The OpenEdge client does not support self-signed certificates out-of-the-box, because these types of certificates are not signed by a Root CA certificate.
FIX:
If possible, change the Web Service to use certificates which were signed by a Root CA certificate. For information on this, please refer to Solution P90739, "How to create one's own CA root certificate using OpenSSL to sign IIS certificate request for use with SSL".
- OR -
OpenEdge 10.1A02 and 10.1B introduced an undocumented client startup parameter -sslverify which allows users to adjust the intensity for server certificate verification. The default is 2 (standard). The failures seen in this case can be suppressed by setting the SSL verification level to one, so -sslverify 1. This parameter is not valid in Linux and AIX64 since those platforms use OpenSSL libraries instead of RSA. This problem is not reproducible with the OpenSSL libraries.
Please note that in OpenEdge 10.1C the RSA SSL modules were removed for OpenSSL modules, so the -sslverify parameter has become obsolete.