11.7.4 - SNI and WebService adapter

Posted by goo on 03-Dec-2018 07:55

We have setup our webservice adapter With https and unfortunately we are using wildcard certificate. Everything works swell in test, but in production we probably have a bit more strict setings (in production we are using Netscaler).

After several rounds with support, telling us that we need to upgrade from 11.6 to 11.7, since 11.7 has support for SNI, we so did, just to find out that it did not work. We still can't see if the webservice adapter is running or nto and we are not able to update the webservices using Openedge Explorer.

The errormessage: The https protocol connection failed: javax.net.ssl.SSLException

The message from support:

====================================

Unfortunetly the feedback I received from our development team is that OpenEdge only supports SNI for the ABL Client and our .NET Open Client.
This is also documented on https://documentation.progress.com/output/OpenEdge117/openedge117/#page/gspub%2Fopenedge-server-technology.html :

*Server Name Indication (SNI) Support — You can now add Server Name Indication (SNI) by setting parameters in the client’s CONNECT() method. It allows the client to add the hostname that it attempts to connect to during the handshake as a part of the TLS negotiation. It enables the server to select the required domain name and present the certificate with the correct name. It also allows the server to present multiple certificates on the same IP address and TCP port number and thus allow multiple secure (HTTPS) websites (or any other Service over TLS) to be served off the same IP address without requiring all those sites to use the same certificate.

I would therefore recommend to contact our OpenEdge product manager by submitting an idea as described in the article:......

===================================

Anyone having an idea how to fix this problem?

I find it pretty strange that I need to ask for a fix that Progress themself should understand that they need to fix? 

Anyway, it's only the Openedge Explorer that is the problem, the webservices runs with wildcard certificates, we just can't see it from Openedge Explorer.... 

All Replies

This thread is closed