I need to get UN Blacklist XML periodically, same as Kumar back in 2009, however since 2015-10-14 UN website requires a certificate so if I use function proposed by Dmitri and used by Thomas Duemesnil:
I get the following error:
And if I specify certificate like this:
where instead of
Log file says this:
In version 16.0.0.2127 I get this error:
And the log file looks almost same:
I also tried to provide certificate as a file as suggested by Jeff Albion like:
Same result in both SA 12 and SA 16, with all 3 certificates I found on UN page. I Also installed OpenSSL client, downloaded certificate using Jeff Albions command, got same certificate as using Google Chrome just with Please help. |
I feel ashamed, I had almost exact same problem a while ago while trying to solve another problem - SOAP Error, Response truncated to 1024 characters. That was a SQL Anywhere bug, if was fixed, but there I found out that since version 12.0.1.3994 they switched from Certicom to OpenSSL (What impact will the switch to OpenSSL have on SQL Anywhere strong encryption?) and now I need a root certificate for TLS handshake to succeeded, so after some googling I found the root certificate of COMODO (there is a list of them available at their knowledge base) and now everything works! Therefore, I cannot just download the certificate from www.un.org-server :^( ...
(29 Oct '15, 08:51)
Ilia63
Works on SA12 and SA16 but not SA11, made a new post for that, if anyone has any ideas please share.
(28 Dec '15, 07:39)
Valdas
|
Just a very wild guess:
As TLS error code 19 seems to mean "self signed certificate in certificate chain" - is there such a certificate in use? Do you supply all three certificates in one file?
I also have unsolvable problems with COMODO-certificates & certificates chain (12.0.1.3537, 12.0.1.4314), like:
Common Name: COMODO RSA Organization Validation Secure Server CA
Signature Algorithm: RSA, SHA384
Possibly, an error occurs as described in the 16th version:
If a certificate used one of a number of algorithms (including SHA256, SHA384, and SHA512) for signing, SQL Anywhere would not have been able to use it for TLS or HTTPS. An error code of 12357 or 12394 may have been displayed. This has been fixed.
In 16.0.0.2178 for certificates chain:
X.509 Certificate
Common Name: *.un.org
Signature Algorithm: RSA, SHA256
Key Type: RSA
Key Size: 2048 bits
Basic Constraints: Is not a certificate authority
Key Usage: Digital Signature, Key Encipherment
X.509 Certificate
Common Name: COMODO RSA Organization Validation Secure Signature Algorithm: RSA, SHA384
Key Type: RSA
Key Size: 2048 bits
Basic Constraints: Is a certificate authority, path length limit: 0
Key Usage: Digital Signature, Certificate Signing, CRL Signing
X.509 Certificate
Common Name: COMODO RSA Certification Authority
Signature Algorithm: RSA, SHA384
Key Type: RSA
Key Size: 4096 bits
Basic Constraints: Is a certificate authority, path length limit: 0
Key Usage: Certificate Signing, CRL Signing
The secure connection to the remote host failed: The TLS handshake failed, error code 19