Consultor Eletrônico



Kbase P132425: SSL connection from a Progress client fails with 'certificate has expired' error
Author   Progress Software Corporation - Progress
Access   Public
Published   18/06/2008
Status: Unverified

FACT(s) (Environment):

All Supported Operating Systems
OpenEdge 10.x

SYMPTOM(s):

Error (9318) occurs when attempting to establish a secure connection from a Progress client via HTTPS

Secure Socket Layer (SSL) failure. error code <err_number>: <ssl_error_message> (9318)

Secure Socket Layer (SSL) failure. Error code -54: certificate has expired: for 7651b327.0 in %DLC%\certs (9318)

The *.0 files that correspond to the *.cer files (including 7651b327.0) have been successfully imported into the %DLC%\certs directory

When using Internet Explorer to view the certificate details, all of the certificates in the certificate chain appear to have a valid expiration date

The "%DLC%\bin\certutil.bat -display <path-to-netcertx.pem>" command shows that one of the PEM certificates from the SSL network server connection is expired

The log file generated by the core SSL library utility (sslc) also reports that the certificate has expired

CAUSE:

This is an issue with the web service site hosting the certificate (gateway.itstgate.com, in this example). The site is sending an invalid (expired) digital certificate. Progress OpenEdge has detected the expired certificate and has refused to connect to the server. To verify that the certificate from the SSL network server (the site) has expired, examine the log file (for instance, sslcon.log), which can be generated by the core SSL library utility (sslc) with the following command:

%DLC%\bin\sslc.exe s_client -debug -host gateway.itstgate.com -port 443 -CApath %DLC%\certs -showcerts > C:\TEMP\sslcon.log

(i.e., the above command makes an SSL connection to the web service's HTTPS server)
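
To find which certificate in the captured chain has expired, the PEM blocks in sslcon.log can be decoded and each notAfter date compared with a reference time. The Python below is an added example, not Progress code; it assumes the log holds standard `-----BEGIN CERTIFICATE-----` blocks as written by `-showcerts`, and the function names and the two sample certificates are constructed for illustration.

```python
import base64, re
from datetime import datetime, timezone

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def not_after(der):
    """Return notAfter (UTC) from a DER-encoded X.509 certificate."""
    _, pos, _ = _tlv(der, 0)            # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)          # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                     # optional [0] version field
        pos = end
    for _ in range(3):                  # skip serialNumber, signature, issuer
        _, _, pos = _tlv(der, pos)
    _, pos, _ = _tlv(der, pos)          # validity SEQUENCE
    _, _, pos = _tlv(der, pos)          # skip notBefore
    tag, start, end = _tlv(der, pos)    # notAfter
    text = der[start:end].decode("ascii")
    if tag == 0x17:                     # UTCTime: two-digit year, 50-99 means 19xx
        text = ("19" if text[:2] >= "50" else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def expired_in_log(log_text, now):
    """Return (chain_index, notAfter) for each certificate in the log expired at `now`."""
    chain = [not_after(base64.b64decode(m.group(1))) for m in PEM_RE.finditer(log_text)]
    return [(i, expiry) for i, expiry in enumerate(chain) if expiry < now]

# Constructed sample: skeletal unsigned certificates (version, serial, empty fields, validity).
def _der(tag, body):
    return bytes([tag, len(body)]) + body

def _sample_pem(not_after_text):
    validity = _der(0x30, _der(0x17, b"060101000000Z") + _der(0x17, not_after_text))
    tbs = _der(0x30, _der(0xA0, b"\x02\x01\x02") + b"\x02\x01\x01" + b"\x30\x00" * 2 + validity)
    body = base64.encodebytes(_der(0x30, tbs)).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

SAMPLE_LOG = "CONNECTED\n" + _sample_pem(b"300101000000Z") + "---\n" + _sample_pem(b"080101000000Z")

if __name__ == "__main__":
    print(expired_in_log(SAMPLE_LOG, datetime(2008, 6, 18, tzinfo=timezone.utc)))
```

For a real capture, pass the text of C:\TEMP\sslcon.log and the current UTC time to `expired_in_log`; index 0 is the first certificate the server sent.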

FIX:

Contact the web service site (gateway.itstgate.com, in this case) to have the certificate corrected in order to resolve this issue.