Please be aware that the content in SAP SQL Anywhere Forum will be migrated to the SAP Community in June and this forum will be retired.

Getting Digital certificate of a website

1
1

Hello all,

How can i get the digital signed certificate string of a website ? or is there a way to compare digital signed certificate strings directly from website.

asked 15 May '15, 10:34

Dev's gravatar image

Dev
81114
accept rate: 20%

Is that a question related to SAP Sybase SQL Anywhere?

(19 May '15, 11:07) Volker Barth

Yes,

Cause i want to get the certificate string using sql anywhere.

Thank you

(19 May '15, 11:23) Dev
One Answer:
active answersoldest answersnewest answerspopular answers
2

SQL Anywhere cannot download an HTTPS remote certificate directly. You need to either have it available already and provide it to SQL Anywhere in your SQL scripts or you can optionally download it dynamically with a separate external client (like openssl s_client) and launch the client from SQL Anywhere (e.g. using xp_cmdshell) and then refer to the client's output.

There are examples on how to use openssl s_client for this purpose elsewhere, but here's a command that worked for myself on Windows:

openssl s_client -showcerts -connect open.sap.com:443 < nul 2> nul | openssl x509 -outform PEM > opensapcom.pem

CREATE OR REPLACE PROCEDURE "DBA"."get_open_sap_com"()
result( "name" varchar(254),"value" long varchar )
url 'https://open.sap.com/'
certificate 'file=c:\\temp\\opensapcom.pem'
type 'http:get';

CALL get_open_sap_com();
permanent link

answered 21 May '15, 17:38

Jeff%20Albion's gravatar image

Jeff Albion
10.8k171175
accept rate: 25%

Comment Text Removed

I have tried your code and get: The secure connection to the remote host failed: The TLS handshake failed, error code 0 SQLCODE -990

I have to use a proxy connection but that seams not to be the problem. This is the Web Client Log

[connid = 6, 05/22 15:07:57.818, PROXY REQUEST]
CONNECT open.sap.com:443 HTTP/1.0
Host: open.sap.com

[connid = 6, 05/22 15:07:57.819, PROXY RESPONSE]
HTTP/1.0 200 Connection established

[connid = 6, 05/22 15:07:57.848, REQUEST]
GET / HTTP/1.0
ASA-Id: 3154dd355b054cd7bcce53b221377cd4
Connection: close
Accept-Charset: windows-1252, UTF-8, *
Date: Fri, 22 May 2015 13:07:57 GMT
User-Agent: SQLAnywhere/16.0.0.2003
Host: open.sap.com

[connid = 6, Error: socket closed by peer]
[connid = 6, socket closed]

The certificate File was generated on a linux host and contains

-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIQfxC167KWIoWsPC9AXZWVZzANBgkqhkiG9w0BAQsFADB+
MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVj
IENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE1MDQwODAwMDAwMFoX
DTE3MDQwODIzNTk1OVowdDELMAkGA1UEBhMCREUxGzAZBgNVBAgMEkJhZGVuLVd1
ZXJ0dGVtYmVyZzERMA8GA1UEBwwIV2FsbGRvcmYxDDAKBgNVBAoMA1NBUDEQMA4G
A1UECwwHb3BlblNBUDEVMBMGA1UEAwwMb3Blbi5zYXAuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQFrcw+txxXP3HL55gCIXFPnyNZxTF2eDQC2
XssoF4BaoGNfl/zZrursTQDJEaepbSmGLbABSuLTkhvEGwGm0VVTjEuD0D8wG4AH
2f8vRxLqOf/GwYKVK1HiVaRL+FLbnbw4LTgViFk1Hmy4JIUIcVQjGyXjlQJ4Tyuz
kyWixbYUyzBYhBcsyHydhC+9h1ovUevqy0T8ZClJ4DHiSVO9rLa6C4C9HdP0l9su
juVRR9Yv05CdKliWAYodSN0ovMjLPPSKCe5yXcWM/ilLMun4eNZcB09qWF4/68sJ
03lHp+bbR8+PK/FtSlxQX/+HOaHK05oZ67gCxhOWu6gSkkUFkQIDAQABo4IBdzCC
AXMwKQYDVR0RBCIwIIIMb3Blbi5zYXAuY29tghB3d3cub3Blbi5zYXAuY29tMAkG
A1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
BgEFBQcDAjBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAjBggrBgEFBQcCARYX
aHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoXaHR0cHM6Ly9k
LnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8w
KwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYI
KwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYG
CCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDANBgkqhkiG9w0B
AQsFAAOCAQEAOU/gpQE1jpduNeJc9r8RLvzuF8c++8dDL97GlAjOSRnPjqq5FAKt
SHbeMFhSYRTUuMrL2ySoLyblRyWTtYY2IOavNrFBGJ7RtQLcFoDdYjIm1PcgTHQE
M2kUdcReqE9yGgImtVpiv1ESxJbBSIQW/UFPWYRf7tRYaItf7EZJRCmzrxt51Kzg
Ky4QCMI1N4/7hocfZfitqAcK/L3LTisj2K941zo13n3sA9pQM7cm3SUKkMYqz5Jk
sTMchxC/6SCViFa/NI+qiWddcyEMv4q74ezquEJ1/RFGjynQZbYpIO48wYMObWYG
cdc1aYNU/fQWONZQWZ3GP3euL5rK8hYbpQ==
-----END CERTIFICATE-----
(22 May '15, 09:16) Thomas Dueme...
Replies hidden
Comment Text Removed

The root certificate should be:

http://www.symantec.com/content/en/us/enterprise/verisign/roots/VeriSign-Class%203-Public-Primary-Certification-Authority-G5.pem

You can see this in the regular openssl s_client output:

1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4 i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5

(22 May '15, 11:05) Jeff Albion

So I don't use the .pem File I have created based on you command line? I use the downloaded one ? Or do I have to include both in the .pem 'file=c:\temp\opensapcom.pem' ? Thanks again.

(28 May '15, 10:23) Thomas Dueme...
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Question tags:

×25

question asked: 15 May '15, 10:34

question was seen: 3,671 times

last updated: 28 May '15, 10:23

Related questions

Does sqlanywhere version 12 support client certificate in web service?

MobiLink SSL encryption fails

How to download a file from internet using sql anywhere that requires a certificate?

Is Createcert Broken?

SA17.0.10: Error Parsing Certificate

How to download a file from internet using sql anywhere 11 that requires a certificate?

SA17 - certificate error

service through https

Does the SAP CommonCryptoLib make use of the operating system certificate store by default?

ultralitej https cert issue