[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: x.509 certificate question(s)

From: Scott Klement <sk@xxxxxxxxxxxxxxxx>
To: HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: x.509 certificate question(s)
Date: Tue, 14 Dec 2010 12:45:55 -0600
Hi Thomas,

More likely, the SSL handshake errors went away when you turned off SSL.

To be clear:

- https:// means "HTTP over SSL".
- http://  means HTTP (without SSL)

Since you're not using SSL, the following is true:

1) Will never get an SSL handshake error.
2) Will never get any sort of SSL error.
3) You aren't using x.509 certificates.
4) Access to the *SYSTEM certificate store (the file where x.509 
certificates are stored) is not needed, and is irrelevant.

So your SSL errors are gone (drumroll please) because you're not using 
SSL.  Which means you have solved them, or you may not.  You don't know, 
because you haven't tested it.  You aren't using SSL.

As for the 'No signature in message!' issue...  that's a message that's 
being returned from the web service.  A web service is a computer 
program, written by a computer programmer. That programmer can send any 
message he likes.  Don't expect me to know them all, especially if I've 
never worked with the particular web service!

Ask whomever is responsible for providing tech support for that web service.


On 12/14/2010 6:57 AM, Thomas Bishop wrote:
>
>     It's me again. I had to make do without SoapUI.
>     I have written a few of the programs to make web service calls for
>     various credit card transactions.
>     The non-secure calls work fine.  The calls that require an X.509
>     certificate fail.
>     I was told that the certificate was installed and the web services
>     server configured for our use.
>     Prior to the certificate being installed and access being granted to
>     the secure services I was receiving SSL handshake errors. I no longer
>     receive those errors so I assume the certificate has been installed
>     and the server has been configured to accept our requests.
>     The two web services I am attempting are both the same call except for
>     one word being different and one uses the x.509 certificate and the
>     other does not.
>     RegisterCreditCardForDataVaultToken requires the x.509 certificate and
>     RegisterCreditCardForTemporaryToken does not.
>     I initially had my URL as https:// for the secure call but was told I
>     would only need that when the app is moved to production so I now have
>     it as http://.  Using https:// resulted in SSL handshake errors so I
>     questioned the web service guys and was told to use http:// for
>     testing.
>     In the httpapi_debug file I copied the XML call that works to the line
>     above the XML line that fails and both are exact except for the words
>     Temporary and DataVault.
>     My question is do I need to add any additional values for the secure
>     call?  I don't think so but I am stumped on what else to look for.
>     This is the first time I have had to make secure web service calls.
>     I have the program do a DSPLY of data returned and for the failed call
>     I see:
>     faultstring
>     No signature in message! (from client)
>     env:Fault
>     I searched the archives but did not get a result for that message.
>     Does it mean my certificate data was not sent?  I read the ReadMe text
>     and verified my user id is authorized to "*SYSTEM certifcate store".
>     Below is the debug data.  The first call to
>     RegisterCreditCardForTemporaryToken worked and sent back a token
>     number. The call to RegisterCreditCardForDataVaultToken fails.
>     HTTPAPI Ver 1.23 released 2008-04-24
>     OS/400 Ver V5R4M0
>     New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819.
>     ProtLoc=0
>     http_persist_open(): entered
>     http_long_ParseURL(): entered
>     DNS resolver retrans: 2
>     DNS resolver retry  : 2
>     DNS resolver options: x'00000136'
>     DNS default domain: HUMANA.COM
>     DNS server found: 205.145.105.203
>     DNS server found: 205.145.66.111
>     http_persist_post(): entered
>     http_long_ParseURL(): entered
>     do_post(): entered
>     POST /es/DataVault/TokenServices/v1.0/TokenService HTTP/1.1
>     Host: 193.91.232.21:8010
>     User-Agent: http-api/1.23
>     Content-Type: text/xml
>     Expect: 100-continue
>     Content-Length: 473
>     SOAPAction:
>     http://schemas.humana.com/Services/DataVaultServices/TokenServices/v1.
>     0:registerCreditCardForTemporaryTokenIn
>     recvresp(): entered
>     HTTP/1.1 100 Continue
>     X-Note: Gateway Ack
>     SetError() #13: HTTP/1.1 100 Continue
>     senddoc(): entered
>     <?xml version="1.0" encoding="UTF-8"?><soap:Envelope
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
>     xmlns:xsd="http://www.w3.org/2001/XMLSchema";
>     xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";>  <soap:Body>
>     <RegisterCreditCardForTemporaryTokenRequest
>     xmlns="http://schemas.humana.com/Services/DataVaultServices/TokenServi
>     ces/v1.0">  <CreditCardNumber>4111111111111111</CreditCardNumber>
>     </RegisterCreditCardForTemporaryTokenRequest>
>     </soap:Body></soap:Envelope>
>     recvresp(): entered
>     HTTP/1.1 200 OK
>     X-Backside-Transport: OK OK
>     Connection: Keep-Alive
>     Transfer-Encoding: chunked
>     Cache-Control: no-cache, private
>     Content-Type: text/xml
>     Server: Microsoft-IIS/6.0
>     ServerName: 09
>     X-Powered-By: ASP.NET
>     X-AspNet-Version: 2.0.50727
>     Pragma: no-cache
>     Expires: Mon, 01 Jan 1990 12:00:00 GMT
>     Date: Tue, 14 Dec 2010 11:32:30 GMT
>     X-Client-IP: 193.111.35.204
>     Datapower: True
>     SetError() #13: HTTP/1.1 200 OK
>     recvdoc parms: chunked 0
>     header_load_cookies() entered
>     recvchunk(): entered
>     get_chunk_size(): entered
>     27
>     chunk size = 39
>     get_chunk_size returned 39
>     calling comm_blockread
>     <?xml version="1.0" encoding="UTF-8"?>
>     comm_blockread returned 39
>     get_chunk_size(): entered
>     1c0
>     chunk size = 448
>     get_chunk_size returned 448
>     calling comm_blockread
>     <soap:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema";
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
>     xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:Body><Reg
>     isterCreditCardForTemporaryTokenResponse
>     xmlns="http://schemas.humana.com/Services/DataVaultServices/TokenServi
>     ces/v1.0"><TemporaryCreditCardToken>9754318326711111</TemporaryCreditC
>     ardToken></RegisterCreditCardForTemporaryTokenResponse></soap:Body></s
>     oap:Envelope>
>     comm_blockread returned 448
>     get_chunk_size(): entered
>     0
>     chunk size = 0
>     get_chunk_size returned 0
>     http_close(): entered
>     http_persist_open(): entered
>     http_long_ParseURL(): entered
>     DNS resolver retrans: 2
>     DNS resolver retry  : 2
>     DNS resolver options: x'00000136'
>     DNS default domain: HUMANA.COM
>     DNS server found: 205.145.105.203
>     DNS server found: 205.145.66.111
>     http_persist_post(): entered
>     http_long_ParseURL(): entered
>     do_post(): entered
>     POST /es/DataVault/TokenServices/v1.0/TokenService HTTP/1.1
>     Host: 193.91.232.21:8010
>     User-Agent: http-api/1.23
>     Content-Type: text/xml
>     Expect: 100-continue
>     Content-Length: 473
>     SOAPAction:
>     http://schemas.humana.com/Services/DataVaultServices/TokenServices/v1.
>     0:registerCreditCardForDataVaultTokenIn
>     recvresp(): entered
>     HTTP/1.1 100 Continue
>     X-Note: Gateway Ack
>     SetError() #13: HTTP/1.1 100 Continue
>     senddoc(): entered
>     <?xml version="1.0" encoding="UTF-8"?><soap:Envelope
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
>     xmlns:xsd="http://www.w3.org/2001/XMLSchema";
>     xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";>  <soap:Body>
>     <RegisterCreditCardForDataVaultTokenRequest
>     xmlns="http://schemas.humana.com/Services/DataVaultServices/TokenServi
>     ces/v1.0">  <CreditCardNumber>4111111111111111</CreditCardNumber>
>     </RegisterCreditCardForDataVaultTokenRequest>
>     </soap:Body></soap:Envelope>
>     recvresp(): entered
>     HTTP/1.1 500 Internal Server Error
>     Content-Type: text/xml
>     X-Backside-Transport: FAIL FAIL
>     Connection: close
>     SetError() #13: HTTP/1.1 500 Internal Server Error
>     recvdoc parms: identity 0
>     header_load_cookies() entered
>     recvdoc(): entered
>     SetError() #0:
>     <?xml version="1.0" encoding="UTF-8"?>
>     <env:Envelope
>     xmlns:env="http://schemas.xmlsoap.org/soap/envelope/";><env:Body><env:F
>     ault><faultcode>env:Client</faultcode><faultstring>No signature in
>     message! (from
>     client)</faultstring></env:Fault></env:Body></env:Envelope>
>     SetError() #13: HTTP/1.1 500 Internal Server Error
>     http_close(): entered
>     Thank you,
>     Thomas
>     The information transmitted is intended only for the person or entity
>     to which it is addressed and may contain CONFIDENTIAL material. If you
>     receive this material/information in error, please contact the sender
>     and delete or destroy the material/information.
>
>
>
>
> -----------------------------------------------------------------------
> This is the FTPAPI mailing list.  To unsubscribe, please go to:
> http://www.scottklement.com/mailman/listinfo/ftpapi
> -----------------------------------------------------------------------

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
References:
- x.509 certificate question(s)
  - From: Thomas Bishop
Prev by Date: RE: x.509 certificate question(s)
Next by Date: Re: cURL - FTPAPI
Previous by thread: Re: x.509 certificate question(s)
Next by thread: RE: x.509 certificate question(s)
Index(es):
- Date
- Thread