D
David Abdala
Guest
Hello all, I've been struggling with it a long time (I started a year ago, and once in a while I retake it), and still can't make an SSL connection from ABL to our secure server. The last error I'm getting is: Secure Socket Layer (SSL) failure. error code -54: unable to get local issuer certificate: for f454c2e0.0 in C:\Progress\OpenEdge\certs (9318) After digging in documents and finally getting into this instruction: chnServer:CONNECT('-sslprotocols TLSv1 -sslciphers AES128-SHA -ssl -nohostverify -H chonik.intranet -S 443'). Without the sslprotocols, and sslciphers, the error is different (and even less informative). The server certificate gets imported with hash: 7bfe8dba by using certutil. Running: sslc s_client -connect chonik.intranet:443 Loading 'screen' into random state - done CONNECTED(0000015C) depth=0 C = AR, ST = Mendoza, O = NomadeSoft, OU = Sistemas, CN = NomadeSoft, em ailAddress = info@nomadesoft.com.ar verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 C = AR, ST = Mendoza, O = NomadeSoft, OU = Sistemas, CN = NomadeSoft, em ailAddress = info@nomadesoft.com.ar verify error:num=27:certificate not trusted verify return:1 depth=0 C = AR, ST = Mendoza, O = NomadeSoft, OU = Sistemas, CN = NomadeSoft, em ailAddress = info@nomadesoft.com.ar verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:/C=AR/ST=Mendoza/O=NomadeSoft/OU=Sistemas/CN=NomadeSoft/emailAddress=info@n omadesoft.com.ar i:/C=AR/ST=Mendoza/L=Mendoza/O=NomadeSoft/OU=Sistemas/CN=Nomadesoft/emailAddr ess=info@nomadesoft.com.ar --- Server certificate -----BEGIN CERTIFICATE----- MIIDszCCAxygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBlTELMAkGA1UEBhMCQVIx EDAOBgNVBAgTB01lbmRvemExEDAOBgNVBAcTB01lbmRvemExEzARBgNVBAoTCk5v bWFkZVNvZnQxETAPBgNVBAsTCFNpc3RlbWFzMRMwEQYDVQQDEwpOb21hZGVzb2Z0 MSUwIwYJKoZIhvcNAQkBFhZpbmZvQG5vbWFkZXNvZnQuY29tLmFyMB4XDTA4MDUw MjE5MDYzOFoXDTE4MDQzMDE5MDYzOFowgYMxCzAJBgNVBAYTAkFSMRAwDgYDVQQI EwdNZW5kb3phMRMwEQYDVQQKEwpOb21hZGVTb2Z0MREwDwYDVQQLEwhTaXN0ZW1h czETMBEGA1UEAxMKTm9tYWRlU29mdDElMCMGCSqGSIb3DQEJARYWaW5mb0Bub21h ZGVzb2Z0LmNvbS5hcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5aok4qme 0u1D9v2yBEpD9gThQja4bUaU3Va0ewN90LQgEpYKGIXJvC6z2qN14137WBvpDBSU JdZGB0EPJMJxKZ7UEqvbq2/wro8pLM0QUtEwVIHIZcIuIqgtWsXsH/2fJ8KeyoXe A65wfrfjhcyQatVDqFbGMS7s0xgKg3D5RUsCAwEAAaOCASEwggEdMAkGA1UdEwQC MAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl MB0GA1UdDgQWBBQu1K1HTDQmQYjyYCwRJvuqxlWSkDCBwgYDVR0jBIG6MIG3gBQs I+OLHllOtoe2IO1+XfmJjPHk4aGBm6SBmDCBlTELMAkGA1UEBhMCQVIxEDAOBgNV BAgTB01lbmRvemExEDAOBgNVBAcTB01lbmRvemExEzARBgNVBAoTCk5vbWFkZVNv ZnQxETAPBgNVBAsTCFNpc3RlbWFzMRMwEQYDVQQDEwpOb21hZGVzb2Z0MSUwIwYJ KoZIhvcNAQkBFhZpbmZvQG5vbWFkZXNvZnQuY29tLmFyggEAMA0GCSqGSIb3DQEB BAUAA4GBAC1GkOzmOsBeb91BwyBuVQVVUHw2QaKXCi43OnnYW8ZeuGknOmtcczXM 1VuO7OJuOgHSiyDkQhTBbaOn384QSeQccxRGV2PcURA83EnUbpygVi8Ay8blwZFg lbnMtJ4/jeDQLmgppnLsxEg0cqE3N1oYsGevGum3+FIqN7FF9+6N -----END CERTIFICATE----- subject=/C=AR/ST=Mendoza/O=NomadeSoft/OU=Sistemas/CN=NomadeSoft/emailAddress=inf o@nomadesoft.com.ar issuer=/C=AR/ST=Mendoza/L=Mendoza/O=NomadeSoft/OU=Sistemas/CN=Nomadesoft/emailAd dress=info@nomadesoft.com.ar --- No client certificate CA names sent --- SSL handshake has read 1522 bytes and written 495 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 1024 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA Session-ID: 5DAF2E1DE33A4559D08066DEDDBE2341D7A2CB87F2EA219095920BAC84C63ED8 Session-ID-ctx: Master-Key: 43F242D928968E488C34BEBE35EBC5EDDFF471C39774037DB417E3774439A205 75DBABE4272455EF0425D03326447F0A Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1476199438 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) --- I'm out of ideas, out of my field, out of patience, starting to badly speak about ABL. Any help, idea, insult, will be appreciated. Thanks. David.
Continue reading...
Continue reading...