Http Certs

Homepage Clovertech Forums Cloverleaf Http Certs

  • Creator
    Topic
  • June 15, 2020 at 5:25 pm #117145
    Michael Sierra
    Participant

    We connect to the CHIRP website with a curl command in a tclscript. We do not use the https-client protocol thread as there were a ton of other issues with it. We recently started getting error when connecting to CHIRP and the vendor confirmed we are using a cert that expired recently. After working with one of our server engineers on this they noticed that there are two versions of curl on the server: one in the root directory and one in the integrator. He noticed that when using curl from the root we can successfully connect to CHIRP, but when we connect using curl from integrator we get the cert expired error. However they are both pointed to /etc/pki/tls/certs/ca-bundle.cr. We believe the expired cert is still cached somewhere in the integrator. Is anyone of where the cert might be stored so we can remove it? I added screenshots comparing a successful and failed curl call and comparison of the curl locations.

     

    Also does anyone know if Infor has documentation on this? I tried to find it with no luck but hoping someone knows of something.

    Attachments:
    You must be logged in to view attached files.
  • Creator
    Topic
Viewing 1 reply thread
  • Author
    Replies
    • June 15, 2020 at 5:41 pm #117149
      Rob Abbott
      Keymaster

      It’s possible the cURL version that is shipped with Cloverleaf 6.1 is old and uses an old cipher set that CHIRP doesn’t like.

      If you are specifically pointing at a cert I don’t think there’s anything cert-related that is cached in the command-line version of curl.

      Check the curl versions on the o/s and in Cloverleaf and see if they match (curl –version).

      Rob Abbott
      Cloverleaf Emeritus

    • June 16, 2020 at 12:56 pm #117151
      Michael Sierra
      Participant

      It looks like we are actually using TCLCurl in the script itself. I don’t know much about cipher sets but we were able to connect to CHIRP without issue until the cert expired in May so I would think if CHIRP had an issue with that then it wouldn’t have ever worked but I’m not sure.

       

      The curl versions are different. I attached screenshots. But what could be happening differently between the curl versions for one to work and one to fail even if they are pointed to the same ca bundle?

      Attachments:
      You must be logged in to view attached files.
  • Author
    Replies
Viewing 1 reply thread
  • You must be logged in to reply to this topic.

Forum Statistics

Registered Users
5,129
Forums
28
Topics
9,301
Replies
34,448
Topic Tags
288
Empty Topic Tags
10