Hi everyone!
I'm trying to install a private certificate with SSL, but i'm not sure where or how to install it so that Progress detect him.
What i've done:
-Install the .p12 cert in Internet Options > Content > Certs (on Windows XP, where ir run Progress client)
-Convert .p12 to .pem and install/take with mkhashfile on Proenv
After doing this, I have the same error message like if I didn't do anything of previous steps.
Please, any type of information will be util.
Really thanks, and sorry for my bad english.
Hi Brian!
The certificate are in DLC\certs, I didn't clarify this, because I supose that on the 2 step that I have done. I take a look into the directory, and yes, it is in there.
Anyway, you told me do this with the 'certutil' command, and I did this with the 'mkhashfile' command, 'cause the first command give me an error. ("No Perl script found in input")
Brian,
I'm running on Windows XP 32 bit, and I have not Perl installation on my machine. (That's because doesn't exists any current version available for Win XP)
Brian,
I have installed Progress 11.3.
This is all the info I have from my OpenEdge Installation:
Product Name : Progress
Install Path : C:\dlc11
Version : 11.3
Service Pack : 00
Temp. Fix : 00
Build : 1232
The License info is:
Product Name: Progress Dev Studio OE
Installation Date: Wed Aug 17 09:49:24 2016
User Limit: 1
Expiration Date: None
Serial Number: 006017633
Control Numbers: XXXXX - XXXXX - XXXXX
Version Number: 11.3
Machine Class: KB
Port Number: 31
Product Name: OE Studio
Installation Date: Wed Aug 17 09:49:24 2016
User Limit: 1
Expiration Date: None
Serial Number: 006017634
Control Numbers: XXXXX - XXXXX - XXXXX
Version Number: 11.3
Machine Class: KB
Port Number: 31
On the other hand, I have another machine with Windows installation and Progress 11.3.
I going to try that when a come back to work tomorrow.
Really thanks! I will update you tomorrow.
Hi Brian!
I already tried in other computer, but I had the same result :/
Do you have another suggestion? Thanks!
What I done was:
-Position me on the DLC\bin location from windows console.
-Try to execute 'certutil -import C:\desarrollo\xgtw.cer', also try 'certutil -format PEM -import C:\desarrollo\xgtw.cer', but both of them return the same error message. ("No perl script found in input").
That is why I installed it with the mkhashfile command.
1) From Windows start menu on a machine where you have a full installation select the “Proenv” icon (a command prompt will be opened).
2) In the command prompt type “prompt $P$G” and press enter (this will show the directory & makes things easier).
3) Copy your certificate to %DLC%\certs (i.e. copy my.cer %DLC%\certs).
4) Run “certutil -import my.cer” (where my.cer will be changed to your certificate file name).
5) Zip up the %DLC%\certs directory.
6) Bring the zip file over the the Windows XP machine.
7) Backup the existing %DLC%\certs directory on the XP machine.
8) Extract the zip file into the %DLC%\certs directory (look at the directory after you are done to ensure that the unzip did not add an extra directory level, if it did you need to fix that).
Great, I just tried that.
Arrive until step 4, where give me an error.
What I did was:
1) From Windows start menu on a machine where I have a full installation select the “Proenv” icon.
2) In the command prompt I typed “prompt $P$G” and pressed enter.
3) I copied my certificate to %DLC%\certs whit the line 'copy mycert.pem C:\DLC\certs'.
4) I runed “certutil -import mycert.pem”.
5) After this step, I got the "No perl script found in input" error message.
I don't have "Perl" subdirectory on the installation directory.
The entire list of installed productos are:
-AppBuilder
-Application Complier
-Client
-Config
-Data Administration
-Data Dicitionary
-Desktop
-Help
-License Update
-Progress Explorer Tool
-Release Notes
-Uninstall
In the OpenEdge 11.3 subdirectory
-4GL Batch Engine
-Add Components
-AppBuilder
-Application Compiler
-Audit Policy Maintenance
-Character Client
-Client
-Data Administration
-Data Dictionary
-Database Administration Console
-Debugger
-Desktop
-Developer Studio
-Developer Studio - Clean
-Help
-Licence Info
-Licence Update
-OpenEdge Explorer
-Proenv
-Proxy Generator
-Release Notes
-SpeedStart
-Uninstall OpenEdge
-Version info
My version of Windows is: Windows XP 32-bit.
When I installed Progress, I did like Administrator user. (The same user that I use every day)
And I selected "custom install".
Oh, okay. The info in Config are:
Configuration File: C:\DLC\PROGRESS.CFG
Company Name: LASA
Product Name: Progress Dev Studio OE
Installation Date: Wed Aug 17 09:49:24 2016
User Limit: 1
Expiration Date: None
Serial Number: 000000000
Control Numbers: XXXXX - XXXXX - XXXXX
Version Number: 11.3
Machine Class: KB
Port Number: 31
Product Name: OE Studio
Installation Date: Wed Aug 17 09:49:24 2016
User Limit: 1
Expiration Date: None
Serial Number: 000000000
Control Numbers: XXXXX - XXXXX - XXXXX
Version Number: 11.3
Machine Class: KB
Port Number: 31
Hhmmm, I'd like that we find another solution first, due to I'm sure that I don't change anything when installed it.
I only selected "custom installation" to see the installation details.
There aren't another way to install only the Perl directory?
Ow, okay.
Waiting for you answer. Tomorrow I'll going to try whatever you tell me to do. Thanks!
Hi Brian!
Okay, thanks about that. I'm reinstalling Progress right now with "Complete installation" option this time.
In twenty I will update you.
Brian,
I already reinstalled Progress, and yes you was right, now there is Perl, because the certutil comando works.
Just done of importing the certificates, but my Progress program still doesn't detect him. (I already checked that the .0 files appear in DLC\certs) :/
Sorry about discomfort, waiting for your answer.
I'm just connecting the Web service that needs the certificate in progress with the connect: sentence, I supose that certs are implicit visibles.
The problem is, that after importing the certificates, the program shows the same error message, witch indicate me that certs are not visible for Progress yet.
I think that it be impossible that I give you the certificate, due to is private from an organization, and you'll going to need the credentials :|
Anyway, continuing with the case, I'm trying to use the sslc command from Proenv prompt, but... What value would replace the s_client part of the command line?
Alejandro,
As Brian mentioned: we need the details for the public certificate. We do not need the private key information.
As Brian aslo mentioned, you have to make sure you import all intermediate certs and the ROOT CA cert into DLC/certs.
Importing just the .p12 may not be enough, it depends on how the certificate was created.
The best way to troubleshoot this is to launch your prowin from a proenv session. Prior to launching prowin, set the following environment variable:
proenv>set SSLSYS_DEBUG_LOGGING=5
This will create a cert.client.log in the working directory that will provide details on the handshake.
Attach that for review along with the exact error message the ABL client gets.
Thanks,
Paul
Ohww, sorry, I already understanded the command and I executed him.
but while is processing, an error message appear and says something like "Windows has found a problem in sslc, and it going to shutdown the application." With the 'send' and 'not send' options.
With the 'send' and 'not send' options.
Sorry about that :/
This error doesn't have importance, is an windows error.
Just said.
Now I'm trying with the Paul response. (Thanks Paul by the way).
How can I do to set SSLSYS_DEBUG_LOGGING=5 in Proenv and then open prowin to execute my progress program with the WS connection?
Okay, god. Now, where is the log file?
The log file isn't there, anyway I did a search in my entire disk and doesn't exist that file.
I suspect that the process isn't generating the log file.
Just to be sure, the process would be; open Proenv, and execute the line 'set SSLSYS_DEBUG_LOGGING=5' then execute the line 'prowin32.exe', here is opening the prowin, then I choose 'AppBuilder' in tools option, and then open my .w screen file, and run the process which give me the error.
At this point the log file it's already generated? Or I have to do something else?
I'm not sure why it is not generated or why the sslc is not working. It might be time to open a support case with us so we can dig deeper into these issues. Did you ever provide the exact error the ABL client receives? Also, is this a private or public webservice? If public, can your provide the url?
Brian and Paul,
really thanks, but I think that is not necessary to open a case for this.
If you want to keep helping me with this inconvenient from here good, if not, don't worry. Thanks anyway.
Answering to Paul, the Web Service it's private. That's why I don't provide you with de url, because doesn't has sense.
Okay Brian, thanks for everything! I will post the answer, if I find the solution of course.