HTTPS under LINUX environment

Paolo_Cherici · September 13, 2022, 2:22pm

Hi Everyone,
we are struggling trying to convert a Natural program containing an HTTP (Post) call via REQUEST DOCUMENT statement in HTTPS format; someone has experienced something similar to put light in the dark? Someone could confirm wheter the use of HTTPS is possible under a Linux environment with OPENSSL or it’s just z/os matter ?

Sag Manual explains how to set User & Passw in the WITH clause but I always receive error NAT8304 HTTP Request failed. Reason Request error: -1

Dev environment is NaturalOne 9.1.1. while target environment will be natural v. 6.3.8

Thanks for any public contribution on this matter.

Paolo Cherici
LSE

What product/components do you use and which version/fix level are you on?

Is your question related to the free trial, or to a production (customer) instance?

What are you trying to achieve? Please describe it in detail.

Do you get any error messages? Please provide a full error message screenshot and log file.

Have you installed all the latest fixes for the products and systems you are using?

Douglas_Kelly · September 16, 2022, 11:32pm

Are you able to run the program SYSEXV/V5-RDOC0? Give it a URL like https://www.google.com - does that work? Give it the URL you are trying to reach - what is the result?

if you use openssl s_client to connect to the URL, does it use a public certificate authority or a self-signed certificat? From the Natural server’s Linux command line enter:
openssl s_client -connect <url> < /dev/null
for example:
openssl s_client -connect empower.softwareag.com:443 < /dev/null
returns (just showing the first few lines):

CONNECTED(00000003)
depth=2 OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Extended Validation CA - SHA256 - G3
verify return:1
depth=0 businessCategory = Private Organization, serialNumber = HRB 1562, jurisdictionC = DE, jurisdictionL = Darmstadt, jurisdictionST = Hessen, C = DE, ST = Hessen, L = Darmstadt, street = Uhlandstr. 12, OU = IT, O = Software Aktiengesellschaft, CN = empower.softwareag.com
verify return:1

View the certificates the server sends, particularly “depth=1” such as:

CONNECTED(00000208)
Can't use SSL_get_servername
depth=0 CN = some-server
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = some-server
verify return:1

If these list “self signed certificate” then the server’s certificate issuer is probably not in the Linux default certificate truststore. If so, you need to have the server’s certificate issuer (CA) added to your truststore.

There are many possibilities as to what can cause the HTTPS request to fail, so review the results of the openssl s_client test, and, if you want further assistance, please post the results of the openssl test and the REQUEST DOCUMENT program (or a small program that reproduces the problem) here.

Paolo_Cherici · September 21, 2022, 9:31am

Thank you very much Douglas for your precious hints. It is the first HTTPS call made directly from Natural and indeed seems there are some problems in our client (and server) configuration sothat Request Command are not functioning correctly.
Even when I’m using SYSEXV/V5-RDOC0 to reach a simple http server as http://empower.softwareag.com I get “Natural error NAT8304 occurred.” . Strangely other natural program using HTTP calls looks working correctly in our NatOne dev. I sent your post to our system admin in order to scope our current situation.
Many thanks again…
Paolo

system · March 20, 2023, 9:32am

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.