I am currently using the RmNet library and calling the "HttpPost" routine to invoke a web service from a RM/COBOL application running on the AIX operating system. We would like to modify this to go over a more secure protocol SSL. I am not sure where to begin. Can I just change the request URL from http:// to https:// or are there more steps involved? It would be nice if it were that simple, but I doubt it! Has anyone done this? Any guidance would be greatly appreciated.
#SSL#RMCOBOL#RMNet#BISThere are a couple extra steps, to tell RmNet about the certificate authority bundle.
call "NetInit" giving response-status
call "NetSetSSLCA" using
"ca-bundle.crt" giving response-status.
...
call "HttpPost"
Note that RmNet is based upon the open source library libcurl. which is published here. There are several sources for a Certificate Authority bundle (ca-bundle.crt) on the web. One is included with the RmNet distribution.
Tom Morrison
Hill Country Software
I am currently using the RmNet library and calling the "HttpPost" routine to invoke a web service from a RM/COBOL application running on the AIX operating system. We would like to modify this to go over a more secure protocol SSL. I am not sure where to begin. Can I just change the request URL from http:// to https:// or are there more steps involved? It would be nice if it were that simple, but I doubt it! Has anyone done this? Any guidance would be greatly appreciated.
#SSL#RMCOBOL#RMNet#BISThe ca-bundle.crt file that is linked from the cURL web site is:
raw.githubusercontent.com/.../ca-bundle.crt
I am currently using the RmNet library and calling the "HttpPost" routine to invoke a web service from a RM/COBOL application running on the AIX operating system. We would like to modify this to go over a more secure protocol SSL. I am not sure where to begin. Can I just change the request URL from http:// to https:// or are there more steps involved? It would be nice if it were that simple, but I doubt it! Has anyone done this? Any guidance would be greatly appreciated.
#SSL#RMCOBOL#RMNet#BISThank you for the reply! So I can just use any .crt file? Or do I need to obtain a .crt file from the service I am trying to call?
I am currently using the RmNet library and calling the "HttpPost" routine to invoke a web service from a RM/COBOL application running on the AIX operating system. We would like to modify this to go over a more secure protocol SSL. I am not sure where to begin. Can I just change the request URL from http:// to https:// or are there more steps involved? It would be nice if it were that simple, but I doubt it! Has anyone done this? Any guidance would be greatly appreciated.
#SSL#RMCOBOL#RMNet#BISThank you for the reply! So I can just use any .crt file? Or do I need to obtain a .crt file from the service I am trying to call?
I am currently using the RmNet library and calling the "HttpPost" routine to invoke a web service from a RM/COBOL application running on the AIX operating system. We would like to modify this to go over a more secure protocol SSL. I am not sure where to begin. Can I just change the request URL from http:// to https:// or are there more steps involved? It would be nice if it were that simple, but I doubt it! Has anyone done this? Any guidance would be greatly appreciated.
#SSL#RMCOBOL#RMNet#BISNo, not just any .CRT file. It must be a file containing the certificates of one or more public certificate authorities (CA), including the CA that issued the server side certificate. The file must be in PEM format.
For the normal HTTPS scheme (where client-side certificates are not involved), you want the Certificate Authority bundle as described above. This bundle of certificate authorities allows RmNet to validate the certificate the server is sending to the client Again, this is what happens normally when using HTTPS. (And, to more fully respond to your original question, yes, you need to begin your URL with https:.).
If your web service requires a client-side certificate (which, during the HTTPS negotiation, the client sends to the server to validate the client's authenticity) then you have some more complexity, namely calling NetSetSSLCert.
