Feedback
Did this article resolve your question/issue?

   

Article

SSL failure. error code -54: unable to get local issuer certificate after downloading all certificates and importing to DLC/certs.

« Go Back

Information

 
TitleSSL failure. error code -54: unable to get local issuer certificate after downloading all certificates and importing to DLC/certs.
URL NameSSL-failure-error-code-54-unable-to-get-local-issuer-certificate-after-downloading-all-certificates-and-importing-to-DLC-certs
Article Number000206594
EnvironmentProduct: OpenEdge
Version: 11.7
OS: AIX-7.1
Other: SSL
Question/Problem Description
SSL failure. error code -54: unable to get local issuer certificate after downloading all certificates and importing to DLC/certs.
Trying to make an API call to a server via ABL code and receiving SSL Failure error even with all certificates in the chain downloaded and imported to DLC/certs. 
 
Steps to Reproduce
Clarifying Information
- All trusted certificates in the chain from the server were downloaded using Chrome/view certificates as instructed in article Secure socket layer (SSL) failure. error code -54: unable to get local issuer certificate (9318) and imported to $DLC/Certs, however the SSL error pointing to a missing certificate continued to appear. 
- Qualys SSL Labs tool indicates that there is only one trusted certification path.
- Making the API call using Postman was successful. 
- The missing certificate shown in the SSL error was not listed in the server certificate chain.
- There was no wildcard designation in any of the certificates listed in the server certificate chain, however the server certificate details tab shows a wildcard defined in the Subject Alternative Name.  (DNS Name = *.<servername>.com)
- Using sslc works as expected with CApath parameter pointing to DLC/certs.

 
Error MessageSecure Socket Layer (SSL) failure. error code -54: unable to get local issuer certificate: for <cert#.0> in /sys/dlc117/certs (9318)
Defect Number
Enhancement Number
Cause
The servername parameter is not included in the request.  The application runs on a Cloud environment and when the connection is performed without the servername parameter, the connection is forwarded to a default server or subdomain which had configured a different server certificate that had expired. 

Once the servername parameter is specified, the connection is successful since the Http Client retrieves the correct server certificate. 
Resolution
Add servername parameter in the Http Client. 

Once the ServerNameIndicator was added to the to the ClientLibraryBuilder creation command, the API call to the webservice was successful. 
 
oLib = ClientLibraryBuilder:Build()
    :sslVerifyHost(NO)
    :ServerNameIndicator("<servername>.com")
    :library.

 
Workaround
Notes
Last Modified Date11/23/2021 9:41 PM
Attachment 
Files
Disclaimer The origins of the information on this site may be internal or external to Progress Software Corporation (“Progress”). Progress Software Corporation makes all reasonable efforts to verify this information. However, the information provided is for your information only. Progress Software Corporation makes no explicit or implied claims to the validity of this information.

Any sample code provided on this site is not supported under any Progress support program or service. The sample code is provided on an "AS IS" basis. Progress makes no warranties, express or implied, and disclaims all implied warranties including, without limitation, the implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample code is borne by the user. In no event shall Progress, its employees, or anyone else involved in the creation, production, or delivery of the code be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample code, even if Progress has been advised of the possibility of such damages.