Kbase P165212: Getting "error code -54: self-signed certificate", secured Web Service uses a wildcard certificate,
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
04/05/2010 |
|
Status: Unverified
SYMPTOM(s):
Getting "error code -54: self-signed certificate", secured Web Service uses a wildcard certificate, when issuer of root and client certificates do not match.
Secure socket Layer (SSL) failure. Error code -54: self-signed certificate: For <certificate hash> in <OpenEdge client certificate path> (9318).
cert.client.log shows ERROR --- Certification verification failure.
cert.client.log ERROR --- self signed certificate in certificate chain
Self signed certificates are not being used.
Created Client Certificate using rootCA issued by company B.
Root Certificate is issued by company A.
FACT(s) (Environment):
Replacing the rootCA issued by company A with rootCA issued by company B resolved the problem.
OpenEdge 10.1x
All Supported Operating Systems
CAUSE:
Original issuer of the Certificates (company A) had been purchased by a another company (Company B). The customer knowing this, created the client certificate using the new issuers' name, but did not replace the root certificate with one created by the new provider. When client and root certificate validation occurs a match between the issuers name is not found and it fails.
FIX:
Replace the root certificate with the latest one from the current certificate provider.