
Hi All,

I've tried several times to create a secure connection to a webservice over https and failed every time I tried.

What have I done
From the documentation I gather that I need a file called ca-bundle.crt with the certificate from the webservice server. So I went to the site with the webservice and opened the certificate information and then chose Save to file to create a Base64 .cer file. I renamed this file to ca-bundle.crt and copied this to the usys folder (C:\Program Files (x86)\Uniface\10.3\common\usys) as mentioned in the documentation.

Now I tried to call the webservice using the UHTTP component. I get an error status -12 meaning 

An internal error occurred. If the request is an HTTPS request, the certification may be incorrectly configured. As an alternative, use the SET_FLAGS

When using set_flags(11) it works fine.


What am I doing wrong?

As mentioned I've failed several times using proper server validation. Can anyone tell me what I am doing wrong?


With kind regards,

John Bergsma

Hi John,

ca-bundle.crt contains public keys of root Certificate Authorities such as Verisign, Digicert etc. in PEM format (base64 encoded readable text), and shouldn't contain your server certificate. Once you have put it in place, you should only need to amend it to apply updates or add your own certificate authority if you use self-signed certificates.

How it is used
When you connect to a server over TLS (https:) the client Uniface process (using libcurl) checks that the presented server certificate is valid by ensuring that it has been signed by a Certificate Authority in its own bundle of root certificates (usys:ca-bundle.crt).

Getting ca-bundle.crt
You can download one from somewhere you trust (I usually use http://curl.haxx.se/ca/cacert.pem, but do your own checks!), rename it to ca-bundle.crt, and place it in the usys: folder or redirect it in the assignment file. With the right tools, you can also generate your own bundle from other sources.

Using the web service
If the Webservice doesn't additionally require client certificates, and you have configured your environment correctly (e.g. specified the SOP connector version and proxies etc. in USYS$SOP_PARAMS and opened the port if needed), you should be able to import the signature, e.g.

/sti /mwr=ws https://server/context/component?WSDL

Once compiled, you should be able to use the signature.

I often like to use a web service test tool to get familiar with a new service before importing into Uniface.

Kind Regards,
David Akerman
Subject Matter Expert, Uniface (UK)
P.S. This doesn't constitute an official Uniface response, just trying to help. 🙂
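
The validation described in the reply above, reproduced offline as an added example (not part of the original posts and not Uniface code). It uses the `openssl` command-line tool as a stand-in for the libcurl check; the CA, the server certificate and the names `Demo Root CA` and `server.example.test` are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added illustration: every key, certificate and name here is generated locally.
set -u

# Create a throwaway root CA and a server certificate signed by it.
# Prints the working directory that holds ca.pem and server.pem.
make_demo_pki() {
  local d
  d=$(mktemp -d) || return 1
  # Self-signed root: stands in for a public CA found in a real ca-bundle.crt.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
  # Server key and signing request, then the CA signs the request.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 2 -out "$d/server.pem" 2>/dev/null || return 1
  echo "$d"
}

# verify_against_bundle BUNDLE CERT
# Returns 0 only if CERT chains up to a root certificate present in BUNDLE.
verify_against_bundle() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
  local d
  d=$(make_demo_pki) || { echo "openssl could not build the demo PKI" >&2; return 1; }
  # Bundle holds the issuing CA: the server certificate validates.
  verify_against_bundle "$d/ca.pem" "$d/server.pem" \
    && echo "bundle = CA certificate     -> server certificate accepted"
  # Bundle holds only the server certificate (the setup in the question):
  # no trusted issuer can be found, so validation fails.
  verify_against_bundle "$d/server.pem" "$d/server.pem" \
    || echo "bundle = server certificate -> server certificate rejected"
  rm -rf "$d"
}

demo
```

The same `verify_against_bundle` call can be pointed at a real bundle and a certificate saved from the server to confirm the bundle contains the issuing CA before switching server validation back on.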


Hi David,


Thanks, this worked. I thought it should be the certificate of the webservice, but it must be a PEM file of a certificate organization. That bit is missing in the documentation, or I may have missed that part.


With kind regards,


John Bergsma