Genesys CTI User Forum

Genesys CTI User Forum => Genesys CTI Technical Discussion => Topic started by: FlashOX on February 04, 2010, 05:11:26 PM

Title: Routing Strategies : Web Service call over HTTPS
Post by: FlashOX on February 04, 2010, 05:11:26 PM

Hi,

I'm trying to call a Web Service inside a strategy (IRD). The remote Web Service is reachable in HTTPS.

I'm not able to find any documentation about activating HTTPS for Web Service calls in Genesys Documentation.

I have 2 certificates :
- The certification authority certificate : cacert.pem
- The signed certificate : signedcert.pem

I found 4 ".pem" files in the URS's installation folder :
- cacert.pem
- root.pem
- server.pem
- client.pem

It's obvious that I have to put the cacert.pem key in the same file located in the installation folder. Check.

But what about the signed certificate ? In which file do I have to put my key ?

Thanks for helping me.

--
FlashOX

Title: Re: Routing Strategies : Web Service call over HTTPS
Post by: René on February 04, 2010, 05:21:02 PM

Hi,

I think it should work without any configuration. Have you tried it?

R.

Title: Re: Routing Strategies : Web Service call over HTTPS
Post by: FlashOX on February 05, 2010, 01:54:15 PM

Hi René,

Thanks for your attention.

Actually, the authentication method is "Client Side Authentication", so I have to use the certificates given to me by the Web Service Server administrator (cacerts.pem and signedcert.pem).

Anyway, I tried without doing anything. It doesn't work  :-\

I found a page on Genesys's support site (Solution Search) which discuss this subject but it's incomplete. Here's the text :
[quote]
[b]Problem Description :[/b]
Cannot access web service from WebService block over HTTPS.
Getting error:
SSL verify error or warning with certificate at depth 0: unable to get local issuer certificate
[/quote]
[quote]
[b]Troubleshooting techniques :[/b]
In log file configured by http_log_file option look for the following error message:
SSL verify error or warning with certificate at depth 0: unable to get local issuer certificate
certificate issuer /C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1
certificate subject /C=AU/O=*.flybuys.com.au/OU=GT65380933/OU=See href="blabla">blabla/resources/cps (c)08/OU=Domain Control Validated - RapidSSL(R)/CN=*.flybuys.com.au
04/23/09@10:17:39.877">04/23/09@10:17:39.877: ERROR: Ref 27347 (SOAP): SOAP Fault, faultcode: 'SOAP-ENV:Client', faultstring: 'SSL_ERROR_SSL
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed', faultsubcode 'SOAP-ENV:Client', faultdetail 'SSL connect failed in tcp_connect()'
[/quote]

[quote]
[b]Root cause :[/b]
HTTP Bridge can't verify the certificate of the Certificate Authority, which issued the certificate to the Web Service.
[/quote]

[quote]
[b]Solution :[/b]
- Obtain current public certificate for the Certificate Authority (Base-64 encoded X.509) as indicated by error:

certificate issuer /C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1

- Add this public certificate to the end of file  "cacert.pem" (all lines between BEGIN CERTIFICATE and END CERTIFICATE lines including those lines themselves). This file is located in URS installation directory.
[/quote]

Regards,

--
FlashOX