Using NotesHTTPRequest with Self Certified Target Fails

Mindwatering Incorporated

Author: Tripp W Black

Created: 11/21 at 01:25 AM

 

Category:
Domino Server Issues Troubleshooting
Other

Issue:
Wrote a script to retrieve an HTTP request via NotesHTTPRequest; it results in an SSL failure message.

Solution A:
Give the target a trusted (public/third-party) SSL certificate.

Solution B:
If the target server has to use a self-certified certificate, you can work around this issue by adding the CA PEM chain to the Domino server.

Part A: Get the self-certified CA (root) PEM chain
1. Navigate to the server.

2. Click the browser lock icon.

3. Choose the option, typically "More information", to view the certificate.

4. Choose the CA (root chain) PEM certificate and download it.

Part B: Download the cacert.pem file from the /local/notesdata folder to the local workstation, alongside the self-certified cert downloaded in Part A above.
1. Using FileZilla or some other tool, log in as the notes user and download the file /local/notesdata/cacert.pem

2. Open both files in a text editor like Atom.

3. Copy the contents of the self-certified CA chain -- typically two sections -- to the Domino cacert.pem file.

4. With a terminal session on the Domino server, make a copy of the Domino server's cacert.pem.
$ ssh notes@myserver.mindwatering.net
<enter password>
notes $ cd /local/notesdata/
notes $ cp cacert.pem cacert_backup.pem

5. Using FileZilla, transfer the updated cacert.pem up to the Domino server. Take the option to overwrite the original file.

Try using the remote page again.
In our case with R11.0.1, we did NOT have to restart the HTTP services. The updated PEM contents were immediately available.
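
Steps 2 to 4 of Part B done by a script instead of a text editor (an added example, not part of the original note): it appends only the CERTIFICATE blocks that cacert.pem does not already hold, refuses any other PEM block such as a private key, and writes cacert_backup.pem before changing anything. The file name selfsigned_chain.pem and all function names are assumptions; the demo payloads are constructed placeholder bytes, not real certificates.

```python
import base64, hashlib, re, shutil, tempfile
from pathlib import Path

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def pem_wrap(der, label="CERTIFICATE"):
    """Encode DER bytes as a PEM block with 64-character lines."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def cert_blocks(pem_text):
    """Map SHA-256(DER) -> normalized PEM for every CERTIFICATE block."""
    found = {}
    for label, body in PEM_BLOCK.findall(pem_text):
        if label != "CERTIFICATE":  # e.g. a private key pasted by mistake
            raise ValueError(f"unexpected PEM block: {label}")
        der = base64.b64decode("".join(body.split()), validate=True)
        found[hashlib.sha256(der).hexdigest()] = pem_wrap(der)
    return found

def merge_chain(bundle_path, chain_path):
    """Append certs from chain_path that bundle_path lacks; return their fingerprints."""
    bundle = Path(bundle_path)
    text = bundle.read_text()
    existing = cert_blocks(text)
    incoming = cert_blocks(Path(chain_path).read_text())
    if not incoming:
        raise ValueError("no CERTIFICATE block in the downloaded chain")
    new = {fp: pem for fp, pem in incoming.items() if fp not in existing}
    if new:
        # Same backup name as step 4: cacert.pem -> cacert_backup.pem
        shutil.copy2(bundle, bundle.with_name(bundle.stem + "_backup" + bundle.suffix))
        sep = "" if text.endswith("\n") else "\n"
        bundle.write_text(text + sep + "".join(new.values()))
    return list(new)

def demo():
    """Run the merge on constructed files; payloads are placeholder bytes, not real certs."""
    with tempfile.TemporaryDirectory() as d:
        bundle, chain = Path(d, "cacert.pem"), Path(d, "selfsigned_chain.pem")
        bundle.write_text("# existing bundle (constructed)\n" + pem_wrap(b"public-root-A"))
        chain.write_text(pem_wrap(b"public-root-A") + pem_wrap(b"selfsigned-root-B"))
        first = merge_chain(bundle, chain)
        second = merge_chain(bundle, chain)  # re-running adds nothing
        return first, second, len(cert_blocks(bundle.read_text()))

if __name__ == "__main__":
    print(demo())
```

The fingerprints returned by merge_chain are SHA-256 over the DER bytes, the same value a browser shows for the certificate, so they can be compared with what the target server's administrator reports before the updated file is uploaded in step 5.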
