Error Help With Error 9318, 9407 And 11748

nicolas

Member
I have problems with a certificate with the SHA -2. I try to use a web service that has this algorithm, but I idncia errors 9318 , 9407 and 11748. I have reviewed the documentation in progress tried to export the PEM certs directory progress . but it has not worked .

How this problem is solved ?

Progress OpenEdge have v10.1C .Error 9318.png Error 9407.png Error 11748.png
 

nicolas

Member
I am consuming a web service. But they changed certificate SHA-2 and now tells me these 3 mistakes together.

Progress in the directory "progres/certs" there is a readme file that indicates that you must export the certificate cert directory with one of the certutil commands.

I'm using desktop version 10.1c progress

To which the certificate relates 7999be0d.0?
 

TheMadDBA

Active Member
You need to import the cert into Progress... using certutil. The Progress KB has several entries explaining the exact process.
 

RealHeavyDude

Well-Known Member
You need to get the root certificate from the WebService provider. When you import that root certificate into the Progress certificate store ( $DLC/certs ) with the certutil it will get the file name "7999be0d.0". I can't tell you how Progress is determining the file name though.

Heavy Regards, RealHeavyDude.
 

nicolas

Member
Thank you for your help
I am using 10.1c progress, consume a web service that previously could be used without problems. But now change the certificate to SHA-2 which certifying entity is Thawte.

Is the root certificate that you must export concern is to Thawte or Web service consumption ?. I understand that Thawte.
 

RealHeavyDude

Well-Known Member
When the Server ( the WebService ) presents it's SSL server certificate to the client to prove it's identity and to exchange the plublic key, the client needs to have the root certificate from the certificate authority to prove that the server is who it says it is. The certificate authority ( in your case Thawte ), by issuing the server certificate to the WebService, sort of guarantees that the WebService is legitimate. You, the client, need to pair the WebServices' server certicifate with the root certificate from the certificate authority. For that the root certificate needs to be present in the client's certificate store - which in Progress' case is located in $DLC/certs ( or %DLC%\certs when you are on Windows ). Progress povides the $DLC/bin/certutil ( which is a wrapper for OpenSSL ) to import certificates into the store.

Do not confuse $DLC/certs with $DLC/keys - the latter holds the SSL server certificates which can be use by the Progress Database and AppServer for example.

Heavy Regards, RealHeavyDude.
 
Top