Question webservice issue

redsuitee

redsuitee

Member
hello everybody..

I'm a junior progress programmer from Indonesia. :D
I need some helps here.. Now I'm learning communication between OpenEdge and WebServices. But I found some errors. :confused:
Can anybody help me?

I'm trying to make a connection like this
Code: 
DEFINE VARIABLE hWebService AS HANDLE.
CREATE SERVER hWebService.
DEF VAR IRETURN AS LOGICAL.

ireturn = hWebService:CONNECT
("-WSDL https://staging.siteminder.com.au/pmsxchange/services/pmsxchange.wsdl 
 -WSDLUserid xx
 -WSDLPassword xx`
 -SOAPEndpoint https://staging.siteminder.com.au/pmsxchange/services
 ").

DISP ireturn.
But I got error number 9318..
Secure Socket Layer (SSL) failure. error code -54: unable to get local issuer certificate: for 594f1775.o in C:\OpenEdge\certs (9318)
Click to expand...
 
RealHeavyDude

RealHeavyDude

Well-Known Member
That's a knowledge base article. You'll find the knowledge base on the Progress web site under support.

RealHeavyDude.
 
M

MaximMonin

Member
from KB:


Status: Unverified

SYMPTOM(s):

An OpenEdge Web Service Client fails with error 9318 when connecting
to a secured Web Service

OpenEdge Web Service Consumer fails with error 9318 when connecting
via HTTPS

Secure Socket Layer (SSL) failure. error code -54: unable to get local
issuer certificate: for <hash file> in <path> (9318)

The WSDL Analyzer (bprowsdldoc) fails with error 11748

Error loading WSDL document <WSDL URL> : Fatal Error: connect
operation failed (WinSock reported error=0) location <WSDL URL>
(11748)

The WSDL Analyzer also returns the following error messages before
error 11748:

Error message: 9318

Error message: 9407

Same WSDL is accessed via Web Browser and certificate is used with no
errors

FACT(s) (Environment):

OpenEdge 10.1x
All Supported Operating Systems

CAUSE:

The Root CA has not been imported to OpenEdge

FIX:


Import the Root CA certificate. Here are the basic steps:

- Go to https://<WSDL URL> in Internet Explorer.
- Open the certificate in Internet Explorer by double-clicking on the
padlock icon.
- Go to the "Certificate Path" tab.
- Click on the root certificate (the certificate at the top of the
tree), then on "View Certificate".
- Go to the "Details" tab.
- Click on "Copy to File".
- Choose "Base-64 encoded X.509 (.CER)".
- Save the file with a .pem extension (or rename it afterwards).
- Go into Proenv and run:

mkhashfile <previously_saved_file>.pem

- OR -

certutil -format PEM -import <previously_saved_file>.pem
Note: Internet Explorer does not provide access to certain Root CA
certificates. In cases where error 9318 shows a different hash file
than the one generated by mkhashfile with the exported Root CA
certificate from IE, try exporting the Root CA certificate with
Firefox. At the time of this writing, this issue has only been noticed
with the following certificate chain: "AddTrust External CA Root" ->
"UTN-USERFirst-Hardware".
 
redsuitee

redsuitee

Member
MaximMonin said:
from KB:


Status: Unverified

SYMPTOM(s):

An OpenEdge Web Service Client fails with error 9318 when connecting
to a secured Web Service

OpenEdge Web Service Consumer fails with error 9318 when connecting
via HTTPS

Secure Socket Layer (SSL) failure. error code -54: unable to get local
issuer certificate: for <hash file> in <path> (9318)

The WSDL Analyzer (bprowsdldoc) fails with error 11748

Error loading WSDL document <WSDL URL> : Fatal Error: connect
operation failed (WinSock reported error=0) location <WSDL URL>
(11748)

The WSDL Analyzer also returns the following error messages before
error 11748:

Error message: 9318

Error message: 9407

Same WSDL is accessed via Web Browser and certificate is used with no
errors

FACT(s) (Environment):

OpenEdge 10.1x
All Supported Operating Systems

CAUSE:

The Root CA has not been imported to OpenEdge

FIX:


Import the Root CA certificate. Here are the basic steps:

- Go to https://<WSDL URL> in Internet Explorer.
- Open the certificate in Internet Explorer by double-clicking on the
padlock icon.
- Go to the "Certificate Path" tab.
- Click on the root certificate (the certificate at the top of the
tree), then on "View Certificate".
- Go to the "Details" tab.
- Click on "Copy to File".
- Choose "Base-64 encoded X.509 (.CER)".
- Save the file with a .pem extension (or rename it afterwards).
- Go into Proenv and run:

mkhashfile <previously_saved_file>.pem

- OR -

certutil -format PEM -import <previously_saved_file>.pem
Note: Internet Explorer does not provide access to certain Root CA
certificates. In cases where error 9318 shows a different hash file
than the one generated by mkhashfile with the exported Root CA
certificate from IE, try exporting the Root CA certificate with
Firefox. At the time of this writing, this issue has only been noticed
with the following certificate chain: "AddTrust External CA Root" ->
"UTN-USERFirst-Hardware".
Click to expand...


thank you for your help..
But I still can't connect to the WSDL URL, I think actually your solution works because the error changed and I found some new files in C:\OpenEdge\certs\ after I run your syntax at proenv.
Now I got another error message :
SSL failure. error code - 55: CONNECT HostName: (staging.siteminder.com.au) doesn't macth Certificate: (*.siteminder.com.au) (9318)
Click to expand...
Did I make some mistakes?
Please help.. thanks
 
RealHeavyDude

RealHeavyDude

Well-Known Member
AFAIK site minder is a product from Computer Associated which is a plug-in to the web server to determine the location from which a request originates. This is used for example in banks where there are regulations that some data may not be transferred across border - a so called cross border access. I don't know in detail how site minder works and what's needed from the client perspective. You need to check with the web service provider as to what is required - or maybe you are attempting, from the web service provider's point of view, what they are consider an illegal cross border access to sensitive data, and therefore reject your request. This has nothing to do with login credentials as the same user could log on to a system from within the office or when on a business trip on the other side of the world from a mobile device ...

Heavy Regards, RealHeavyDude.
 
redsuitee

redsuitee

Member
I've got "-nohostverify" in www.oehive.org, they said that to workaround my error before (9318 - error55), just specify that syntax on the URL connect statement.
And Yes, it works and the error disappear.
But another error still appear :
"Error loading WSDL document
<WSDL URL>: Cannot resolve reference: NightDurationType{[null]} for construct [null]{[null]} (11748)"

How can I solve that error?
thank you
 
You must log in or register to reply here.

Similar threads

T
MS Authentication changes
Replies
1
Views
568
Tarby777
T
A
  • Locked
[Stackoverflow] [Progress OpenEdge ABL] OpenEdge connection to REST refused error code 10061 - certs/ciphers or something else?
Replies
0
Views
480
ade jones
A
K
  • Locked
[Stackoverflow] [Progress OpenEdge ABL] How to skip ssl certificate verification on HTTPS connection using the OpenEdge.Net Libraries
Replies
0
Views
3K
kuhle
K
C
  • Locked
[Progress Communities] [Progress OpenEdge ABL] Forum Post: FW: Progress Alert and Notification Service Article Alert OpenEdge
Replies
0
Views
787
Community Admin
C
S
  • Locked
[Progress Communities] [Progress OpenEdge ABL] Forum Post: Secure Socket layer(SSL) failure, error code 10060 : unknown network error (9318)
Replies
0
Views
685
singh.mitesh@gmail.com
S
Top