
06-03-09, 12:31
Registered User
Join Date: Jun 2009
Posts: 3
Trouble with UniBasic and digital certificates
Hi,
I have a task at work to send a secure internet request to a particular credit reporting agency and receive and parse the response. We use UniData as our database and UniBasic as the programming language.
I've gotten it to work using the following UniBasic commands:
CMD.STATUS = createSecurityContext(SCONTEXT, '')
CMD.STATUS = addAuthenticationRule(SCONTEXT, 2, 'VerificationStrength', 'generous')
CMD.STATUS = createSecureRequest(URL, 'POST', RHANDLE, SCONTEXT)
CMD.STATUS = setRequestHeader(RHANDLE, 'Authorization', UID:":":PWD)
CMD.STATUS = addRequestParameter(RHANDLE, 'REQUEST', REQUEST.TEXT, 'application/x-www-form-urlencoded')
CMD.STATUS = submitRequest(RHANDLE, 30000, '', RHEADERS, RDATA, RSTATUS)
One of their requirements is that I validate the connection using their certificate. I've obtained their server certificate file and made it available to these commands. However, I'm new to the world of digital certificates. When I change the commands to the following, I get CMD.STATUS = 3 (Network error) returned from the submitRequest() command.
CMD.STATUS = createSecurityContext(SCONTEXT, '')
CMD.STATUS = addCertificate(CERT.PATH:'primaryca.cer', 1, 1, 1, SCONTEXT)
CMD.STATUS = addAuthenticationRule(SCONTEXT, 2, 'VerificationStrength', 'strict')
CMD.STATUS = createSecureRequest(URL, 'POST', RHANDLE, SCONTEXT)
CMD.STATUS = setRequestHeader(RHANDLE, 'Authorization', UID:":":PWD)
CMD.STATUS = addRequestParameter(RHANDLE, 'REQUEST', REQUEST.TEXT, 'application/x-www-form-urlencoded')
CMD.STATUS = submitRequest(RHANDLE, 30000, '', RHEADERS, RDATA, RSTATUS)
I'm hoping someone has had some experience along these lines and can point out what I might be missing and/or doing wrong.
--SirGerald

06-12-09, 16:14
Registered User
Join Date: Jun 2009
Posts: 3
An Update...
I've been introduced to protocolLogging() and I now know the reason I'm getting the network error result. The reason stated is: "Reason: 19, self signed certificate in certificate chain".
Here are the commands as I have them now:
CMD.STATUS = protocolLogging(PROTOCOL.LOG.FILE, "ON", 10)
CMD.STATUS = createSecurityContext(SCONTEXT, 'SSLv3')
CMD.STATUS = addAuthenticationRule(SCONTEXT, 2, 'VerificationStrength', 'strict')
CMD.STATUS = addAuthenticationRule(SCONTEXT, 2, "PeerName", TRUSTED.NAMES)
CMD.STATUS = setAuthenticationDepth(SCONTEXT, 3, 2)
CMD.STATUS = setHTTPDefault("HEADERS", "")
CMD.STATUS = setHTTPDefault("VERSION", "1.1")
CMD.STATUS = setHTTPDefault("BUFSIZE", "4096")
CMD.STATUS = addCertificate(CERT.PATH:'primaryca.cer', 2, 1, 1, SCONTEXT)
CMD.STATUS = addCertificate(CERT.PATH:'subca1.cer', 2, 1, 1, SCONTEXT)
CMD.STATUS = createSecureRequest(URL, 'POST', RHANDLE, SCONTEXT)
CMD.STATUS = setRequestHeader(RHANDLE, 'Authorization', UID:":":PWD)
CMD.STATUS = addRequestParameter(RHANDLE, 'REQUEST', REQUEST.TEXT, 'application/x-www-form-urlencoded')
CMD.STATUS = submitRequest(RHANDLE, 30000, '', RHEADERS, RDATA, RSTATUS)
What can be done to resolve the "Reason: 19, self signed certificate in certificate chain" problem? Or is it a problem of the certificate owner?
Last edited by SirGerald; 06-12-09 at 16:20.

06-15-09, 14:34
Registered User
Join Date: Jun 2009
Posts: 3
Thanks to some help from IBM Tech Support, here is what I've discovered to be my problem--and the solution.
The credit agency server has a series of three certificates in its chain and sends them all during the SSL handshaking. I was only adding the last one in the chain to my secure context when I should have been adding either just the first one or all three.
The certificate chain sent by the credit agency's server included the self-signed certificate issued by VeriSign (the top level cert). But I didn't have that certificate included in my context so it couldn't verify it--thus generating the error "self signed certificate in certificate chain". As soon as I added that certificate to my context everything worked great.
Hope this helps someone else.
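
The failure and fix described in the last post, as an added example that is not part of the original thread and is not UniData or OpenSSL code: a simplified Python model of classic untrusted-first chain building, showing why a handshake that includes the root yields reason 19 until that root is in the local trust set. Certificate names are constructed, and signatures, dates and extensions are not checked.

```python
# Added example: simplified model of classic untrusted-first X.509 chain
# building. Names are constructed; no cryptographic checks are performed.
# Reason codes use OpenSSL's X509_V_ERR_* numbers.
from collections import namedtuple

Cert = namedtuple("Cert", "subject issuer")
OK, DEPTH_ZERO_SELF_SIGNED, SELF_SIGNED_IN_CHAIN = 0, 18, 19
NO_LOCAL_ISSUER, CHAIN_TOO_LONG = 20, 22

def verify_chain(peer_chain, trusted, max_depth=10):
    """peer_chain: certs sent in the handshake, leaf first.
    trusted: certs loaded into the local security context.
    Returns (reason_code, subjects on the path that was built)."""
    sent = {c.subject: c for c in peer_chain}
    anchors = {c.subject: c for c in trusted}
    path = [peer_chain[0]]
    result = lambda code: (code, [c.subject for c in path])
    # Step 1: extend the path with what the peer sent, up to a self-signed cert.
    while path[-1].subject != path[-1].issuer:
        nxt = sent.get(path[-1].issuer)
        if nxt is None or len(path) >= max_depth:
            break
        path.append(nxt)
    top = path[-1]
    # Step 2: a self-signed top counts only if the local trust set holds it.
    if top.subject == top.issuer:
        if anchors.get(top.subject) == top:
            return result(OK)
        return result(DEPTH_ZERO_SELF_SIGNED if len(path) == 1 else SELF_SIGNED_IN_CHAIN)
    # Step 3: the peer did not send a root, so finish from the local trust set.
    while top.subject != top.issuer:
        top = anchors.get(top.issuer)
        if top is None:
            return result(NO_LOCAL_ISSUER)
        if len(path) >= max_depth:
            return result(CHAIN_TOO_LONG)
        path.append(top)
    return result(OK)

# Constructed three-certificate chain, as in the thread: leaf, sub CA, root.
ROOT = Cert("CN=Example Root CA", "CN=Example Root CA")
SUB = Cert("CN=Example Sub CA", "CN=Example Root CA")
LEAF = Cert("CN=api.example.test", "CN=Example Sub CA")
CHAIN = [LEAF, SUB, ROOT]

if __name__ == "__main__":
    for label, store in [("sub CA only", [SUB]), ("leaf only", [LEAF]),
                         ("root only", [ROOT]), ("all three", CHAIN)]:
        print(f"trusted = {label:12s} -> reason {verify_chain(CHAIN, store)[0]}")
```
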