I got this working on SA12 and SA16, but some of our clients still use SA11, and there it does not work, either using the root certificate or the ones I found on the United Nations website. I need to get the UN Blacklist XML periodically, same as Kumar back in 2009; however, since 2015-10-14 the UN website requires a certificate, so I specify the certificate like this:
where instead of
However, it works using versions 12.0.1.4231 and 16.0.0.2127 if the root certificate from COMODO is provided. Log file says this:
Please help.
After some more testing I found out that the only certificate working with SA11 is the one issued for *.un.org: With SA12 only the AddTrustExternalCARoot from the Comodo website works. And with SA16 you can use either the same AddTrustExternalCARoot certificate as SA12 or the root COMODO SECURE™ certificate found on the United Nations website:
The versions of 12.0.1 and 16 you are testing with use the OpenSSL security library, whereas version 11 only ever used the Certicom libraries. So it is possible the certificate is not compatible with Certicom and you may not be able to get past this with the version 11.0.x software.
I believe the -988 error is usually related to a failure during the TLS handshake (V12 and V16 would have shown more details). A Wireshark trace would help to confirm that. But if that is the case, then the specific TLS error (or sequence of packets) will be important to identify from the trace.
The certificate itself is a newer-style one and was created for the whole UN organization (*.un.org) and not for just 1 server/purpose. If memory serves me, such a multi-purpose certificate might not work with the Certicom libraries. But I don't have version 11.0.1 handy, so I haven't seen what is happening in your case.