Please be aware that the content in SAP SQL Anywhere Forum will be migrated to the SAP Community in June and this forum will be retired.

I got this working on SA12 and SA16, but some of out clients still use SA11 and in there it does not work neither using the root sertificate nor the ones I found on United Nations website.

I need to get UN Blacklist XML periodically, same as Kumar back in 2009, however since 2015-10-14 UN website requires a certificate so I specify certificate like this:

URL ''
CERTIFICATE 'cert=!cert';

where instead of !cert I put Base-64 encoded certificate string that I got from UN site using Google Chrome or the root certificate I got from COMODO, I get the following error on SQL Anywhere version and

Invalid response from the HTTP server
SQLCODE=-988, ODBC 3 State="HY000"

However it works using versions and if root certificate from COMODO is provided.

Log file says this:

[connid = 20, 12/28 11:57:39.648]
[connid = 20, 12/28 11:57:39.648, REQUEST]
GET /sc/resources/files/consolidated.xml HTTP/1.0
Connection: close
ASA-Id: ed349e147ee948e6968bc918326c4f3a
Accept-Charset: windows-1257, UTF-8, *
Date: Mon, 28 Dec 2015 09:57:39 GMT
User-Agent: SQLAnywhere/

[connid = 20, Error: socket closed by peer]
[connid = 20, socket closed]

Please help.

asked 28 Dec '15, 07:37

Valdas's gravatar image

accept rate: 83%

edited 28 Dec '15, 07:41

The versions of 12.0.1 and 16 you are testing with use the OpenSSL security library whereas version 11 only ever used the Certicom libraries. So it is possible the certificate is not compatable with Certicom and you may not be able to get past this with the verson 11.0.x software.

I believe the -988 error is usually related to a failure during the TLS-handshake (V12 and V16 would have shown more details). A wireshark trace would help to confirm that. But if that is the case then the specific TLS error (or sequence of packets) will be important to be identified from the trace.

The certificate itself, it is a newer style one and was created for the whole UN organizations (* and not for just 1 server/purpose. If memory serves me such a multi-purpose certificate might not work with the Certicom libraries. But I don't have version 11.0.1 handy should haven't seen what is happening in your case.

(30 Dec '15, 05:36) Nick Elson S...

After some more testing I find out that the only certificate working with SA11 is the one issued for *

* certificate

With SA12 only the AddTrustExternalCARoot from Comodo website works.

And with SA16 You can use either same AddTrustExternalCARoot certificate as SA12 or the root COMODO SECUREā„¢ certificate found on United Nations website:

COMODO SECURE certificate

permanent link

answered 21 Apr '16, 02:03

Valdas's gravatar image

accept rate: 83%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 28 Dec '15, 07:37

question was seen: 2,840 times

last updated: 21 Apr '16, 02:03