Skip to main content

Using RMNet with SSL to make HTTPS calls to web service

  • September 17, 2015
  • 5 replies
  • 0 views
D

I am currently using the RmNet library and calling the "HttpPost" routine to invoke a web service from a RM/COBOL application running on the AIX operating system.  We would like to modify this to go over a more secure protocol SSL.  I am not sure where to begin.  Can I just change the request URL from http:// to https:// or are there more steps involved?  It would be nice if it were that simple, but I doubt it!  Has anyone done this?  Any guidance would be greatly appreciated. 


#SSL
#RMCOBOL
#RMNet
#BIS

5 replies

Thomas Morrison
  • Thomas Morrison
  • Participating Frequently
  • September 17, 2015

I am currently using the RmNet library and calling the "HttpPost" routine to invoke a web service from a RM/COBOL application running on the AIX operating system.  We would like to modify this to go over a more secure protocol SSL.  I am not sure where to begin.  Can I just change the request URL from http:// to https:// or are there more steps involved?  It would be nice if it were that simple, but I doubt it!  Has anyone done this?  Any guidance would be greatly appreciated. 


#SSL
#RMCOBOL
#RMNet
#BIS

There are a couple extra steps, to tell RmNet about the certificate authority bundle.

           call "NetInit" giving response-status
           call "NetSetSSLCA" using
               "ca-bundle.crt" giving response-status. 
           ...

           call "HttpPost"

Note that RmNet is based upon the open source library libcurl. which is published here.  There are several sources for a Certificate Authority bundle (ca-bundle.crt) on the web.  One is included with the RmNet distribution.

Tom Morrison
Hill Country Software

Tom Morrison, Consultant, South Carolina, USA
Thomas Morrison
  • Thomas Morrison
  • Participating Frequently
  • September 17, 2015

I am currently using the RmNet library and calling the "HttpPost" routine to invoke a web service from a RM/COBOL application running on the AIX operating system.  We would like to modify this to go over a more secure protocol SSL.  I am not sure where to begin.  Can I just change the request URL from http:// to https:// or are there more steps involved?  It would be nice if it were that simple, but I doubt it!  Has anyone done this?  Any guidance would be greatly appreciated. 


#SSL
#RMCOBOL
#RMNet
#BIS

The ca-bundle.crt file that is linked from the cURL web site is:

raw.githubusercontent.com/.../ca-bundle.crt

Tom Morrison, Consultant, South Carolina, USA
D

I am currently using the RmNet library and calling the "HttpPost" routine to invoke a web service from a RM/COBOL application running on the AIX operating system.  We would like to modify this to go over a more secure protocol SSL.  I am not sure where to begin.  Can I just change the request URL from http:// to https:// or are there more steps involved?  It would be nice if it were that simple, but I doubt it!  Has anyone done this?  Any guidance would be greatly appreciated. 


#SSL
#RMCOBOL
#RMNet
#BIS

Thank you for the reply!  So I can just use any .crt file?  Or do I need to obtain a .crt file from the service I am trying to call?

D

I am currently using the RmNet library and calling the "HttpPost" routine to invoke a web service from a RM/COBOL application running on the AIX operating system.  We would like to modify this to go over a more secure protocol SSL.  I am not sure where to begin.  Can I just change the request URL from http:// to https:// or are there more steps involved?  It would be nice if it were that simple, but I doubt it!  Has anyone done this?  Any guidance would be greatly appreciated. 


#SSL
#RMCOBOL
#RMNet
#BIS

Thank you for the reply!  So I can just use any .crt file?  Or do I need to obtain a .crt file from the service I am trying to call?

Thomas Morrison
  • Thomas Morrison
  • Participating Frequently
  • September 17, 2015

I am currently using the RmNet library and calling the "HttpPost" routine to invoke a web service from a RM/COBOL application running on the AIX operating system.  We would like to modify this to go over a more secure protocol SSL.  I am not sure where to begin.  Can I just change the request URL from http:// to https:// or are there more steps involved?  It would be nice if it were that simple, but I doubt it!  Has anyone done this?  Any guidance would be greatly appreciated. 


#SSL
#RMCOBOL
#RMNet
#BIS

No, not just any .CRT file.  It must be a file containing the certificates of one or more public certificate authorities (CA), including the CA that issued the server side certificate. The file must be in PEM format.

For the normal HTTPS scheme (where client-side certificates are not involved), you want the Certificate Authority bundle as described above.  This bundle of certificate authorities allows RmNet to validate the certificate the server is sending to the client  Again, this is what happens normally when using HTTPS.  (And, to more fully respond to your original question, yes, you need to begin your URL with https:.).

If your web service requires a client-side certificate (which, during the HTTPS negotiation, the client sends to the server to validate the client's authenticity) then you have some more complexity, namely calling NetSetSSLCert.

Tom Morrison, Consultant, South Carolina, USA

Recent badge winners

Explore all badges
Terms & ConditionsAccessibility statement