The site has the following chain of certificates:

- DigiCert Global Root CA (RSA, SHA256 / Digital Signature, Certificate Signing, CRL Signing)
- - DigiCert Global Root CA (RSA, SHA256 / Digital Signature, Certificate Signing, CRL Signing)
- - - DigiCert SHA2 Secure Server CA (RSA, SHA256 / Digital Signature, Key Encipherment)

However, these certificates do not work for 12.0.1.4436-server:
SQLCODE = -983, SQLSTATE = WW052, ERRORMSG() = HTTP request failed. Status code '<NONE>'

Similar behavior was described in:
How to download a file from internet using sql anywhere that requires a certificate?
How to download a file from internet using sql anywhere 11 that requires a certificate?

Tell me, please, which certificate can be used in web client procedure/function.

asked 07 Mar '17, 09:11

Ilia63's gravatar image

Ilia63
876374059
accept rate: 28%

Are you specifying the root certificate in the procedure definition?

(08 Mar '17, 09:17) Graeme Perrow
Replies hidden

Yes.


alter PROCEDURE sp_4sms()
    URL 'https://sms.dhcc.ae/...'
    TYPE 'HTTP:POST:application/x-www-form-urlencoded'
    CERTIFICATE 'certificate=
-----BEGIN CERTIFICATE-----
MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB
CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97
nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt
43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P
T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4
gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO
BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR
TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw
DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
-----END CERTIFICATE-----'


where certificate


X.509 Certificate


Common Name: DigiCert Global Root CA Country Code: US Organization: DigiCert Inc Organizational Unit: www.digicert.com Issuer: DigiCert Global Root CA Serial Number: 83be056904246b1a1756ac95991c74a Issued: Nov 10, 2006 3:00:00 Expires: Nov 10, 2031 3:00:00 Signature Algorithm: RSA, SHA1 Key Type: RSA Key Size: 2048 bits Basic Constraints: Is a certificate authority, path length limit: 0 Key Usage: Digital Signature, Certificate Signing, CRL Signing

(09 Mar '17, 03:23) Ilia63

Thanks for posting the procedure definition. I am seeing the same problem but all I can tell is that the SQLA HTTP server is shutting down the connection during the TLS handshake. We have no way to know why.

permanent link

answered 09 Mar '17, 15:39

Graeme%20Perrow's gravatar image

Graeme Perrow
8.9k375114
accept rate: 52%

edited 13 Mar '17, 08:16

Thanks.
Is this a singularity of this particular (DigiCert) certificate?
Is there a workaround to set the request for a site with such a certificate?

(13 Mar '17, 02:26) Ilia63

Don't you have to include the site certificate together with the root certificate ? I think I have heard that you have to provide both.

(13 Mar '17, 06:45) Thomas Dueme...

Sorry, there was a typo in my reply. The HTTP server is the one shutting down the connection, not the SQLA server. There may be a workaround but I'd have to know why the connection is being shut down first. You are specifying the correct certificate, as far as I can tell.

(13 Mar '17, 08:18) Graeme Perrow
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×33
×26

question asked: 07 Mar '17, 09:11

question was seen: 638 times

last updated: 13 Mar '17, 08:18