Connect AppServerDCS using .Net Open Client

Posted by mroberts@rev.com.au on 06-Oct-2016 15:16

.Net 4.5

OE11.6.3

Hi All,

I've been beating my head against a wall looking at documentation.  I have an appserver running with SSL enabled, and can connect fron WebClient OK using "-URL AppServerDCS://yada.com:port -nohostverify" ok.  I put the certificate in a path and add the -certstorepath to the webclient startup, and all is OK.

I have a .Net OpenClient proxy that currently can connect to AppServer without SSL, that is cool too.

But now I want the .Net open client to connect to the SSL appserver.

Connection oConn = new Connection("AppServerDCS://yada.com:26604/demo", "UserID, "Password", "");

oConn.SetProperty("PROGRESS.Session.NoHostVerify", "TRUE");

I get

Exception: A call to SSPI failed, see inner exception.

Exception: A call to SSPI failed, see inner exception.

SessionPool : NoAvailableSessions[Could not connect to the AppServer: General Error: Object reference not set to an instance of an object.. (7203) ]

The symptoms look the same as when I was trying SSL on Webclient, and did not have the certificate in the certstorepath.  No Available Sessions seems to be the default error for a myriad of connection sins!

But the OpenClient .Net does not have a certstorepath option (Java Does).

The documentation rabbit hole, the final bit I get to is

Microsoft .NET has its own method for managing digital certificates that you can use to access root certificates from the OpenEdge certificate store. For more information, see the Microsoft .NET documentation.

So I have loaded my root certificate and still get the error.

Has anyone else worked their magic on this one and got it to work.

Thanks.

Mark Roberts

OpenEdge Development - Forum
Posted by Brian K. Maher on 06-Oct-2016 17:20

Mark,
 
I can’t check the documentation right now, however, I think the following should not have quotes around the “TRUE”.
 
You can also set the RunTimeProperties.NoHostVerify = true instead.
 
Brian

All Replies

Posted by Brian K. Maher on 06-Oct-2016 17:20

Mark,
 
I can’t check the documentation right now, however, I think the following should not have quotes around the “TRUE”.
 
You can also set the RunTimeProperties.NoHostVerify = true instead.
 
Brian

Posted by mroberts@rev.com.au on 06-Oct-2016 19:39

Thanks Brian,

Tried both of those, and neither worked.

For the webclient, I have a file in the certstorepath called 0be8b7fe.0.  It was the magic that allowed the connection.

I tried variations of loading certificates to the windows PC running the .Net OpenClient and nothing has worked so far.

On the server I have the pem file in the keys directory and the .0 file in the certs directory.

In my (unfortunately limited) knowledge of SSL, I am confused about which one of these gets installed on the .Net client PC, and where it gets installed.

Mark

Posted by Brian K. Maher on 07-Oct-2016 04:28

Mark,
 
Open Client uses the Windows certificate functionality rather than ours (because an Open Client based app won’t typically have an OpenEdge installation on the machine).  Try importing the certificates into Windows itself and see what happens.
 
 
Brian
 

Posted by mroberts@rev.com.au on 10-Oct-2016 15:22

Thanks again Brian for your help,

Turns out my certificate was loaded OK, but in my pre-weekend brain fade, the appserver I was connecting to was 10.2B08 (not 11.6) ... a quiet weekend of reflection and systematic checking on Monday highlighted the bleeding obvious :)

For the record, that particular issue can be resolved by adding the following line

RunTimeProperties.SSLProtocols = "TLSv1";

The KBase entry for this issue shows a different error in the broker log than I was experiencing.

Also your solution was another of my problems, and the RunTimeProperties.NoHostVerify = true was the correct use of that parameter.

Thanks

Mark.

This thread is closed