Skip to main content

Problem:

Is the HTTPS protocol supported from a Web Service Client?

  

Resolution:

There is an Security Addpack available for Server Express 5.0 WrapPack 3 which adds SSL support to the product.  Currently (May 2007) this is only available for AIX pSeries. Both WrapPack 3 and the Security Addpack are available for download from the Supportline website:

http://supportline.microfocus.com/websync/sx50wp3unx.asp

There's comprehensive documentation and tutorials on setting-up security included in the addpack, however due to the complexity of SSL itself it's not a trivial task to get it configured and working.

You have to edit mf-client.dat (in $COBDIR/etc on Unix, in Base/Bin on Windows) to tell MFCC where to find the CA certificate(s) needed to validate the server's certificate.

If the server's certificate was signed using one of the commercial CA certificates we include in the AddPack, you can use the CARootCerts.pem file from the DemoCA directory. Your entry in mf-client.dat would look like:

    [SSL]

    root=/opt/microfocus/DemoCA/CARootCerts.pem

(possibly with a different path, depending on where the DemoCA directory was created when the AddPack was installed).

If the server's certificate was signed using our demo CA, as in the tutorials in the AddPack documentation, your entry in mf-client.dat would be something like:

    [SSL]

    root=/opt/microfocus/DemoCA/private/CARootcert.pem

(Note that "CARootCerts.pem" contains certificates for commercial CAs, while "private/CARootcert.pem" contains the certificate for the demo CA that's created when the AddPack is installed. It's rather confusing.)

If the server certificate was signed with a CA certificate that's not in either of those files, the best thing to do is export that CA certificate (or certificates, if it's a chain) to PEM format and append them to the ones in CARootCerts.pem, and use the result as your collection of root certificates:

$ cd /some/application/directory

$ cat /opt/microfocus/DemoCA/CARootCerts.pem my-CA-cert.pem > rootcerts.pem

and then edit mf-client.dat to specify:

    [SSL]

    root=/some/application/directory/rootcerts.pem

Old KB# 2159
Terms & ConditionsAccessibility statement