More Troubleshooting Consuming Web Service

T

tpb1962

New Member
Hello,

I'm consuming a web service via Progress Openedge v10.2bsp7.

Everything works Ok.

If I add -proxyhost localhost and -proxyport 8888 and turn on fiddler I receive an error.

It is error -54 and then gives me the (9318).

Everything points to certificate not where it should be but if that is the case I would not think it would work at all. Also this had worked probably a a couple of weeks ago and no changes that I know.

Probably something simple I'm missing but can't seem to find.

Thanks in advance,
Tim.
 
I'll take it that you use SSL. As soon as you use SSL and you don't use -nohostverify ( which IMHO compromises the concept of SSL ) the client needs to have the root certificate of the server in its certificate store. When you directly connect to the WebService and it is working you either have the certificate in the Progress certificate store ( certs directory beneath the installation directory ) or you have specified -nohostverify or you are not doing SSL ( HTTPS ).

I've never worked with fiddler - but, AFAIK, in this case fiddler is the client and must have the server's root certificate in its certificate store. Or probably the -nohostverify - if you are using it - is not working in conjunction with fiddler and you need to intall the server's root certificate in the Progress certificate store.

Heavy Regards, RealHeavyDude.
 
RealHeavyDude said:
I'll take it that you use SSL. As soon as you use SSL and you don't use -nohostverify ( which IMHO compromises the concept of SSL ) the client needs to have the root certificate of the server in its certificate store. When you directly connect to the WebService and it is working you either have the certificate in the Progress certificate store ( certs directory beneath the installation directory ) or you have specified -nohostverify or you are not doing SSL ( HTTPS ).

I've never worked with fiddler - but, AFAIK, in this case fiddler is the client and must have the server's root certificate in its certificate store. Or probably the -nohostverify - if you are using it - is not working in conjunction with fiddler and you need to intall the server's root certificate in the Progress certificate store.

Heavy Regards, RealHeavyDude.
Click to expand...

Hi,

Thanks for the response.

I agree on the -nohostverify and I'm not using it.

I'm using fiddler as the proxy to be able to see the traffic. Not sure which certificate needs to go where. The error message does not give the cert name rather it is as the entry like "8034fad" and that it is not in the Progress cert store. I would try adding using certutil but I don't know which one it is referencing. Any way to determine which cert is the issue?

Thanks,
T.
 
certutil -list ( in a proenv environment ) will give you the list of root certificates in the certificate store. AFAIK, the "8034fad" identifier gets created when you import the certificate, but I don't know how it is "determined". Usually when I need to deploy certificates I just copy the files on from %DLC%\certs to the %DLC%\certs in the other installation.

Since you get the message in the the Progress runtime client I strongly suggest that the certificate is _NOT_ in Progress' certificate store. Therefore you need to import it using certutil. I don't know how to know which certificate it is when you just know the store entry identifier ...

Heavy Regards, RealHeavyDude.
 
You must log in or register to reply here.
Back
Top