I created identity-file and certificate using the createcert-utility:
X.509 Certificate ----------------- .... Serial Number: 6cde1cf266d64bca971ae9042f27996f Issued: Jun 11, 2013 15:40:00 Expires: Jun 12, 2018 15:40:00 Signature Algorithm: RSA, SHA1 Key Type: RSA Key Size: 2048 bits Basic Constraints: Is not a certificate authority Key Usage: Digital Signature, Key Encipherment, Data Eqipherment
I use following -xs options for my web-server:
I create following procedure:
create procedure "dba"."fa_CMC_authentication"( urlSpec long varchar, userPasswordEncoded long varchar, certificatekey long varchar) URL '!urlSpec' TYPE 'HTTP:POST' HEADER 'Authorization: Basic !userPasswordEncoded' CERTIFICATE '!certificatekey' ;
call "dba"."fa_CMC_authentication"( 'https:// ... :8020/ ... / ... ', ' ... ', 'certificate= ... ');
For SQL Anywhere Network Server Version 220.127.116.1167:
But for SQL Anywhere Network Server Version 18.104.22.16894:
EXCEPTION at 2013-12-12 09:42:30.264: SQLCODE = -983, SQLSTATE = WW052, ERRORMSG() = HTTP request failed. Status code '<NONE>'
asked 12 Dec '13, 01:56
My apologies, there was an error in my description of the Certicom / OpenSSL changes. One of the changes was listed under the FIPS-related changes, but it applies to non-FIPS as well. I've updated the list.
Speifically, if you're going to use a self-signed certificate in your identity file, that certificate must have the "certificate signing" attribute, so you need to re-create the certificate and make sure that attribute is set (option 6 in Key Usage).
answered 12 Dec '13, 09:10