The site has the following chain of certificates:

- DigiCert Global Root CA (RSA, SHA256 / Digital Signature, Certificate Signing, CRL Signing)
- - DigiCert Global Root CA (RSA, SHA256 / Digital Signature, Certificate Signing, CRL Signing)
- - - DigiCert SHA2 Secure Server CA (RSA, SHA256 / Digital Signature, Key Encipherment)

However, these certificates do not work for 12.0.1.4436-server:
SQLCODE = -983, SQLSTATE = WW052, ERRORMSG() = HTTP request failed. Status code '<NONE>'

Similar behavior was described in:
How to download a file from internet using sql anywhere that requires a certificate?
How to download a file from internet using sql anywhere 11 that requires a certificate?

Tell me, please, which certificate can be used in web client procedure/function.

asked 07 Mar, 09:11

Ilia63's gravatar image

Ilia63
821283452
accept rate: 16%

Are you specifying the root certificate in the procedure definition?

(08 Mar, 09:17) Graeme Perrow
Replies hidden

Yes.


alter PROCEDURE sp_4sms()
    URL 'https://sms.dhcc.ae/...'
    TYPE 'HTTP:POST:application/x-www-form-urlencoded'
    CERTIFICATE 'certificate=
-----BEGIN CERTIFICATE-----
MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB
CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97
nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt
43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P
T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4
gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO
BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR
TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw
DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
-----END CERTIFICATE-----'


where certificate


X.509 Certificate


Common Name: DigiCert Global Root CA Country Code: US Organization: DigiCert Inc Organizational Unit: www.digicert.com Issuer: DigiCert Global Root CA Serial Number: 83be056904246b1a1756ac95991c74a Issued: Nov 10, 2006 3:00:00 Expires: Nov 10, 2031 3:00:00 Signature Algorithm: RSA, SHA1 Key Type: RSA Key Size: 2048 bits Basic Constraints: Is a certificate authority, path length limit: 0 Key Usage: Digital Signature, Certificate Signing, CRL Signing

(09 Mar, 03:23) Ilia63

Thanks for posting the procedure definition. I am seeing the same problem but all I can tell is that the SQLA HTTP server is shutting down the connection during the TLS handshake. We have no way to know why.

permanent link

answered 09 Mar, 15:39

Graeme%20Perrow's gravatar image

Graeme Perrow
8.7k374111
accept rate: 52%

edited 13 Mar, 08:16

Thanks.
Is this a singularity of this particular (DigiCert) certificate?
Is there a workaround to set the request for a site with such a certificate?

(13 Mar, 02:26) Ilia63

Don't you have to include the site certificate together with the root certificate ? I think I have heard that you have to provide both.

(13 Mar, 06:45) Thomas Dueme...

Sorry, there was a typo in my reply. The HTTP server is the one shutting down the connection, not the SQLA server. There may be a workaround but I'd have to know why the connection is being shut down first. You are specifying the correct certificate, as far as I can tell.

(13 Mar, 08:18) Graeme Perrow
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×32
×21

question asked: 07 Mar, 09:11

question was seen: 253 times

last updated: 13 Mar, 08:18