Hello,
I'd like to import in $DLC/certs the chain for a Let's encrypt certificate. For example, https://ci.rssw.eu
Using Chrome, I was able to export the two root entries (DST root X3 then Let's Encrypt Root) in CER format, and imported them successfully in $DLC/certs (using $DLC/bin/certutil). Then if I execute a CONNECT function to this site, I'm getting
Secure Socket Layer (SSL) failure. error code -54: certificate has expired: for 4f06f81d.0 in /opt/dlc-11.7/certs (9318)
Connection failure for host ci.rssw.eu port 443 transport HTTPS. (9407)
Application server connect failure. (5468)
Certificate is not expired for sure... For what it's worth, it's a wildcard certificate, and I'm using 11.7 (unpatched), so that *should* be supported.
Anybody knows what I'm doing wrong ?
Hi
I've had a similair problem last week. Using "ServerNameIndicator" fixed it for me!
https://knowledgebase.progress.com/articles/Article/Secure-Socket-Error-code-54-certificate-has-expired-even-though-certificate-appears-to-be-valid
Hi
I've had a similair problem last week. Using "ServerNameIndicator" fixed it for me!
https://knowledgebase.progress.com/articles/Article/Secure-Socket-Error-code-54-certificate-has-expired-even-though-certificate-appears-to-be-valid
Hi. Maybe this error is related to your current version, I'm using 11.7.5 and works fine with your url.
IIRC the problem usually arises when there's more than 1 secure domain is served on one server (and it has to do with server name indication). The problem is that 11.7.0 doesn't support it. The nohostverify suggestion is a bad one, because it removes essential steps in setting up secure communications.
I solved this once by setting up an instance of Apache httpd which can act as a forward proxy. Let Apache handle the TLS/SSL stuff.
That's a very old thread !
IIRC, I had to use ServerNameIndicator and fix a configuration issue on the server.
Reason I reopened the thread was, because I faced the same problem and noticed that it was unanswered.
Setting ServerNameIndicator fixed it for me as well