Error Error connecting soap with https

Good evening, everyone.
Sorry my English is not very good.
I am having trouble connecting the WSDL via SOAP because it is HTTPS.
I followed the following procedures:
- Imported the digital certificate sent by the site vendor, in Internet Explorer,
- I opened the certificate in Internet Explorer by double-clicking the
icon.
- "Path of certificate" tab.
- In the root certificate, then "View certificate".
- In the "Details" tab.
- I chose "Base-64 encoded X.509 (.CER)".
- I saved the file with a .pem extension (in the "certs" folder of the progress installation in the cerber)
- I joined Proenv and executed:
certutil -format PEM -import <default_profile> .pem

mkhashfile <main_prefile> .pem

Returned the message that "alias" successfully generated and successfully import and generated the Hash key

But when executing the command:
DO ON ERROR UNDO, LEAVE:
CREATE SERVER hWebService.
IF hWebService: CONNECT ("- WSDL 'https: //XXXXXX/index.php/api/soap/? Wsdl' -sslprotocols TLSv1 -sslciphers AES128-SHA") THEN
MESSAGE "connected" VIEW-AS ALERT-BOX.
END.

Returns the errors of the attached image,
Can anyone give some tips?
 

Attachments

  • Erro SSL.png
    Erro SSL.png
    31.7 KB · Views: 18

Cecil

19+ years progress programming and still learning.
Please, can you try removing -sslprotocols TLSv1 -sslciphers AES128-SHA from the CONNECT() statement.

I believe that -sslprotocols and -sslciphers are client startup parameters. I could be wrong, I'm following the documentation.

Update: I see that you where using the following KB:

 
Last edited:
Good Morning.
Yes I had seen this post.
I tried without the parameters:
IF hWebService: CONNECT ("- WSDL 'https: //XXXXXX/index.php/api/soap/? Wsdl'") THEN

And yet the mistakes still persist
 

RealHeavyDude

Well-Known Member
The -sslprotocols TLSv1 -sslciphers AES128-SHA and not or not very well documented options you can use on the connect method of an ABL socket. They also work on the connect method on the server handle - connection to the classic AppServer - which I have to use because right now in production we have 11.3 and 11.7 installations which use different crypto standards and I don't want to weaken the 11.7 installation. On a side note - this only works with the direct connection - they do not work with the name server as this is UDP.
 

RealHeavyDude

Well-Known Member
The error message suggest that the OE 11.6 installation per default does use different SSL/TLS protocls and ciphers than the one requested by the service. You will get the same error message when you try to connect from a 11.7 client via TCP to a 11.3 server out-of-the-box.

To get more understanding of the topic you might want to have a look @ the Technical Whitepaper: SSL/TLS Communication in Progress OpenEdge whitepaper.

First I would contact the administrator of the web service you are trying to connect and ask them which SSL protocols and ciphers they support. In the whitepaper you will also find information which OpenEdge version does support which version of SSL/TLS. Maybe you need to upgrade to 11.7 if they are on TLS1.2.
 
Top