unable to get local issuer certificate: for 2e5ac55d.0 after

Posted by wscapb on 15-Oct-2017 10:09

I've imported the certificate, I've looked at all the KBs, but it does not always return the error "Error in Secure Socket Layer (SSL) error code -54: unable to get local issuer certificate: for 2e5ac55d.0 in F:\Progress11\oe11_32\certs (9318)"

I ran the test with other webservices and it works.


I ran the test in Progress OpenEdge 10.2B and 11.6.3.

The source and the SSL log follow:

DEFINE VARIABLE c_msg_erro_conexao     AS CHARACTER   NO-UNDO.
DEFINE VARIABLE i_cont                 AS INTEGER     NO-UNDO.
DEFINE VARIABLE i_limite_proc          AS INTEGER     NO-UNDO.
DEFINE VARIABLE c_msg_erro_conexao_xml AS CHARACTER   NO-UNDO.
/*************************************************************/
DEFINE VARIABLE hWebService            AS HANDLE      NO-UNDO.
DEFINE VARIABLE hIJobService           AS HANDLE      NO-UNDO.
DEFINE VARIABLE v_conexao              AS CHARACTER   NO-UNDO.
DEFINE VARIABLE l-con                  AS LOGICAL     NO-UNDO.
/*-sslSOAPProtocols TLSv1.2,TLSv1 -sslSOAPCiphers AES128-SHA,AES128-SHA256*/

/* Web service connection parameters.
   -nohostverify turns off host name verification of the server certificate. */
ASSIGN v_conexao = "-WSDL qa.superbuy.com.br/webservices -WSDLUserid mrn -WSDLPassword teste -nohostverify -sslSOAPProtocols TLSv1.2,TLSv1,SSLv3 -sslSOAPCiphers AES128-SHA,AES128-SHA256".

DEFINE VARIABLE hsb_dispatcherPortType AS HANDLE      NO-UNDO.

/* Create the server object and connect; l-con is TRUE when the connection succeeds */
CREATE SERVER hWebService.
l-con = hWebService:CONNECT(v_conexao).

[Sun Oct 15 12:42:58 2017] ID-0x065c4f08 CTX-0x0662fc70 BIO-0x065653a8 INFO  --- Progress SSL Certificate Verification
[Sun Oct 15 12:42:58 2017] ID-0x065c4f08 CTX-0x0662fc70 BIO-0x065653a8 INFO  --- current depth = 1
[Sun Oct 15 12:42:58 2017] ID-0x065c4f08 CTX-0x0662fc70 BIO-0x065653a8 INFO  --- Certificate version: 3
[Sun Oct 15 12:42:58 2017] ID-0x065c4f08 CTX-0x0662fc70 BIO-0x065653a8 INFO  --- Valid from:160317164046Z - 210317164046Z
[Sun Oct 15 12:42:58 2017] ID-0x065c4f08 CTX-0x0662fc70 BIO-0x065653a8 INFO  --- Public key is 71298736 bits
[Sun Oct 15 12:42:58 2017] ID-0x065c4f08 CTX-0x0662fc70 BIO-0x065653a8 INFO  --- The Serial Number is:
AB
[Sun Oct 15 12:42:58 2017] ID-0x065c4f08 CTX-0x0662fc70 BIO-0x065653a8 INFO  --- The issuer name is /O=Digital Signature Trust Co./CN=DST Root CA X3
[Sun Oct 15 12:42:58 2017] ID-0x065c4f08 CTX-0x0662fc70 BIO-0x065653a8 INFO  --- The subject name is /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
[Sun Oct 15 12:42:58 2017] ID-0x065c4f08 CTX-0x0662fc70 BIO-0x065653a8 INFO  --- Extension Count: 7
[Sun Oct 15 12:42:58 2017] ID-0x065c4f08 CTX-0x0662fc70 BIO-0x065653a8 ERROR --- Certification verification failure.
[Sun Oct 15 12:42:58 2017] ID-0x065c4f08 CTX-0x0662fc70 BIO-0x065653a8 INFO  --- reason=20
[Sun Oct 15 12:42:58 2017] ID-0x065c4f08 CTX-0x0662fc70 BIO-0x065653a8 ERROR --- unable to get local issuer certificate
[Sun Oct 15 12:42:58 2017] ID-0x065c4f08 CTX-0x0662fc70 BIO-0x065653a8 INFO  --- depth=1
[Sun Oct 15 12:42:58 2017] ID-0x065c4f08 CTX-0x0662fc70 BIO-0x065653a8 INFO  --- X509 Name =/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
[Sun Oct 15 12:42:58 2017] ID-0x065c4f08 CTX-0x0662fc70 BIO-0x065653a8 BIO   --- write to 065653A8 [06616EA8] (7 bytes => 7 (0x7))

[Sun Oct 15 12:42:58 2017] ID-0x065c4f08 CTX-0x0662fc70 BIO-0x065653a8 BIO   --- contents of a BIO dump:
0000 - 15 03 01 00 02 02 30                              ......0
>>> TLS 1.0 Alert [length 0002], fatal unknown_ca
    02 30
[Sun Oct 15 12:42:58 2017] INTERNAL STATE OPERATION ---  write:fatal:unknown CA
[Sun Oct 15 12:42:58 2017] INTERNAL STATE OPERATION --- SSL_connect:error in  read server certificate B
[Sun Oct 15 12:42:58 2017] INTERNAL STATE OPERATION --- SSL_connect:error in  read server certificate B
[Sun Oct 15 12:42:58 2017] ID-0x065c4f08 CTX-0x0662fc70 BIO-0x065653a8 ERROR --- SSL Client handshake failure (-54) unable to get local issuer certificate: for 2e5ac55d.0 in F:\Progress11\oe11_32\certs
[Sun Oct 15 12:42:58 2017] ID-0x065c4f08 CTX-0x0662fc70 BIO-0x065653a8 INFO  --- Terminated SSL Client session
[Sun Oct 15 12:42:58 2017] ID-0x065c4f08 CTX-0x0662fc70 BIO-0x065653a8 BIO   --- ctrl to 065653A8 [06565798] (7 bytes => 0 (0x0))

[Sun Oct 15 12:42:58 2017] ID-0x065c4f08 CTX-0x0662fc70 BIO-0x065653a8 BIO   --- contents of a BIO dump:

All Replies

Posted by David Abdala on 17-Oct-2017 06:00

I'm not sure if "not always getting the error" means that for that particular certificate it fails sometimes, or that just for that certificate it fails, and works for other certificates.

In case it is the second option: this certificate fails, others run. I had a similar problem with a self-signed certificate where the "CA" name was different from the common-name.

I have no idea how that certificate ended up the way it did, but the only solution was to make a new certificate, with all the fields properly filled.

Compare the failing certificate with a functional one; you should spot a certificate field that has an "unusual" value (or absence of it). In my case it was generated with an old (I presume) version of OpenSSL.

Good luck.

Posted by SeesamMartin on 28-Oct-2017 15:49

The problem is that Progress does not recognize the SSL certificate of the web service you would like to access, right?

Having had nightmares with it, like a live critical service called from Progress that suddenly stopped working due to a certificate change on the other end, I think that I can recommend typical actions.

The first thing is that most probably you imported the wrong certificate.

You usually need only the root cert, but it is not always the root cert visible on the certificate path that is needed.

The best approach is to google the same ID you have in the error, in this case "2e5ac55d.0".

Doing that, I found a link to the page:

www.identrust.com/.../root-download-x3.html

Then I created a text file and put in a first line like:

-----BEGIN CERTIFICATE-----

copied the certificate contents there and then entered a last line like:

-----END CERTIFICATE-----

Saved the file as .cer and ran the command from ProEnv:

proenv>certutil -import c:\certs\identrust.cer

Got the reply (note it has to be right, otherwise you got the wrong cert):

Importing trusted certificate to alias name: 2e5ac55d

Also note that you need to import it everywhere your P or R code runs: on the developer workstation, on the AppServer, on each client if you call it from the GUI... That is the reason we use only the AppServer to call services.
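Why the error names 2e5ac55d.0, as an added example (not code from this thread or from Progress): an OpenSSL-style certificate directory is searched by a hash of the missing issuer's subject name, and the Python below recomputes that hash from the "issuer name" line in the SSL log above. It assumes the store uses OpenSSL's SHA-1 based subject hash, handles only the attribute types listed in OIDS with single-valued RDNs, and splits the one-line /K=V form naively; the function names are hypothetical.

```python
import hashlib

# Copied from the "issuer name" line in the SSL log posted above.
ISSUER = "/O=Digital Signature Trust Co./CN=DST Root CA X3"

# DER bodies of the attribute-type OIDs handled here (assumption: small subset).
OIDS = {
    "C": b"\x55\x04\x06", "O": b"\x55\x04\x0a", "OU": b"\x55\x04\x0b",
    "CN": b"\x55\x04\x03", "L": b"\x55\x04\x07", "ST": b"\x55\x04\x08",
}

def _tlv(tag, body):
    """Encode one DER tag-length-value with a definite length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def _canon(value):
    """Canonical form used for hashing: trim, collapse spaces, lowercase ASCII."""
    collapsed = " ".join(value.split())
    return "".join(c.lower() if c.isascii() else c for c in collapsed)

def subject_hash(oneline):
    """Return the 8-hex-digit directory hash for a /K=V/K=V name."""
    canon = b""
    for part in filter(None, oneline.split("/")):
        key, value = part.split("=", 1)
        # AttributeTypeAndValue: OID plus the value re-encoded as UTF8String.
        atv = _tlv(0x06, OIDS[key]) + _tlv(0x0C, _canon(value).encode("utf-8"))
        # Each RDN is a SET holding one SEQUENCE; the outer SEQUENCE is omitted.
        canon += _tlv(0x31, _tlv(0x30, atv))
    digest = hashlib.sha1(canon).digest()
    # First four digest bytes, read as a little-endian integer.
    return "%08x" % int.from_bytes(digest[:4], "little")

def missing_store_entry(oneline, store_files):
    """Return the '<hash>.0' name the store lacks for this issuer, else None."""
    name = subject_hash(oneline) + ".0"
    return None if name in store_files else name

if __name__ == "__main__":
    # Constructed directory listing standing in for the certs folder.
    print(missing_store_entry(ISSUER, ["deadbeef.0"]))
```

Comparing the computed name with the alias printed by the import command confirms that the imported root is the issuer the handshake was looking for.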

This thread is closed