While developing a Web Service client for a server that uses a secure connection (HTTPS), you must supply a CA (Certification Authority) certificate file in PEM format containing the entire required certificate chain.

The procedure for generating the CA file described on TDN works in the vast majority of cases, because the browser reports the certificate chain correctly. In some situations, however, there is a level above the last one the browser reports, and the browser does not display it.

In those cases, identifying the missing certificate that the browser does not show requires the test tool from the OpenSSL library, the same library the AppServer and SmartClient use to make SSL connections.

The example below shows one such case: the browser does not show all the certificates, the TWsdlManager class cannot connect, and the certificate file has to be generated correctly for the connection to succeed.

Example

To connect to the Web Service at the URL https://preproducao.roadcard.com.br/sistemapamcard/services/WSPamcard?wsdl, the certificate chain is checked in the browser and the CA certificate is generated following the procedure given in the link above.

CA certificate generated using the procedure

Once the file is generated, a program is created to parse the given URL and display

Code for the Web Service using TWsdlManager
user Function tstwsdl()
  Local oWsdl := TWsdlManager():New()
  Local xRet
  
  // CA certificate file (PEM) built from the chain shown by the browser
  oWsdl:cSSLCACertFile := "\ca_site.pem"
  
  // ParseURL returns .F. on failure; the reason is available in cError
  xRet := oWsdl:ParseURL("https://preproducao.roadcard.com.br/sistemapamcard/services/WSPamcard?wsdl")
  if xRet == .F.
    conout( "Erro : " + oWsdl:cError )
  else
    conout( "Sucesso!" )
  endif
return

Running the program above shows that it was not possible to connect to the given URL because of problems with the supplied certificate, as shown in the image below.

To resolve this, use the test program from the OpenSSL library. The program is attached to the article, zipped and separated by platform. This example uses the 32-bit Windows version.

Unzip the file for the desired platform into a folder and copy the certificate file to the same location. Then, at a command prompt, run the command below, which contains the URL up to the first slash followed by port 443, the port used by HTTPS.

openssl s_client -showcerts -connect preproducao.roadcard.com.br:443

The output of the program is:

Loading 'screen' into random state - done
CONNECTED(000001D8)
depth=3 C = ZA, ST = Western Cape, L = Cape Town, O = Thawte Consulting cc, OU = Certification Services Division, CN = Thawte Premium Server CA, emailAddress = [email protected]
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/CN=preproducao.roadcard.com.br
   i:/C=US/O=thawte, Inc./OU=Domain Validated SSL/CN=thawte DV SSL CA - G2
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
 1 s:/C=US/O=thawte, Inc./OU=Domain Validated SSL/CN=thawte DV SSL CA - G2
   i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
 2 s:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/[email protected]
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
 3 s:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/[email protected]
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/[email protected]
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
---
Server certificate
subject=/CN=preproducao.roadcard.com.br
issuer=/C=US/O=thawte, Inc./OU=Domain Validated SSL/CN=thawte DV SSL CA - G2
---
No client certificate CA names sent
---
SSL handshake has read 5035 bytes and written 423 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: CE9BE380484F7962FDC3369A2F15492DAA7A4A10818A05F94155421E5F2AA0C4
    Session-ID-ctx:
    Master-Key: 736CD8521A3F6F456EDBD60AC0AF7B99CE661F5C6CFF49CF7E67AA8B3FF60B9709C59AA5E2005BAF26FFE26418D12C6D
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 9c c9 7b 79 46 fb 26 06-2e bc 4d f6 98 83 99 3e   ..{yF.&...M....>
    0010 - f7 cf 08 30 18 b7 b2 f3-24 2e ea 4e 77 cc 34 27   ...0....$..Nw.4'
    0020 - 67 7d 5c e5 a7 42 78 d4-3d a0 dc f9 0d 53 a2 9e   g}\..Bx.=....S..
    0030 - 07 19 63 a0 e0 bf fa 11-2c 6e c8 1a ab 93 75 8c   ..c.....,n....u.
    0040 - ea 09 03 69 ff d1 1e 48-ea ef 15 79 dc 7d 91 4f   ...i...H...y.}.O
    0050 - 12 89 d2 15 65 ec 88 0d-38 92 4c 5a ce 2a 45 23   ....e...8.LZ.*E#
    0060 - 29 65 16 9a 8a b6 8d fb-2a b0 00 f2 57 35 5b d3   )e......*...W5[.
    0070 - d1 ae 0a 75 e1 22 c2 67-0f 51 d2 cc d1 94 46 ac   ...u.".g.Q....F.
    0080 - 82 77 3a ee 49 c8 25 67-03 45 f9 61 44 be 3c a5   .w:.I.%g.E.aD.<.
    0090 - 6c 42 8c 2f c5 fb 1a 69-b4 b9 c9 03 5f 2a f2 93   lB./...i...._*..
    00a0 - 50 c2 24 c1 3b 7e 54 60-7e 6f e4 98 fa df 94 b2   P.$.;~T`~o......
    00b0 - 1d 7e b9 ba b9 4a 41 1a-5f 25 64 c2 cd 5c 23 de   .~...JA._%d..\#.

    Start Time: 1453481934
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---

As the output above shows, 4 certificates are needed to make the connection, not 3 as reported by the browser. Do not worry about the return code reported at the end of the run, because it is not needed to solve this problem.

To resolve this, copy the certificates into a new file in the order in which they appear in the output, as shown below.

CA certificate generated using the OpenSSL tool

After creating the file, change the program to use the new file and run it.

Code for the Web Service using TWsdlManager
user Function tstwsdl()
  Local oWsdl := TWsdlManager():New()
  Local xRet
  
  // CA certificate file (PEM) built from the OpenSSL tool output
  oWsdl:cSSLCACertFile := "\ca_openssl.pem"
  
  xRet := oWsdl:ParseURL("https://preproducao.roadcard.com.br/sistemapamcard/services/WSPamcard?wsdl")
  if xRet == .F.
    conout( "Erro : " + oWsdl:cError )
  else
    conout( "Sucesso!" )
  endif
return

With the correct certificate in place, development of the Web Service client can continue normally.
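The chain check behind this procedure, as an added Python example (not part of the original article and not TOTVS code): it parses the "Certificate chain" section of `openssl s_client -showcerts` output, reports when the top certificate's issuer is absent from the list, and builds the bundle in the order shown. The sample input is constructed from the CN values in the output above with placeholder PEM bodies, the function names are hypothetical, and subject and issuer names are compared as text, which checks name chaining only, not signatures.

```python
import re

def _pem(n):  # constructed placeholder body, not a real certificate
    return f"-----BEGIN CERTIFICATE-----\nPLACEHOLDER{n}\n-----END CERTIFICATE-----\n"

# Constructed sample: "Certificate chain" section in the layout printed by the
# article's OpenSSL 1.0.1m, with each DN shortened to the CN seen in the output.
SAMPLE = (
    "Certificate chain\n"
    " 0 s:/CN=preproducao.roadcard.com.br\n"
    "   i:/CN=thawte DV SSL CA - G2\n" + _pem(0) +
    " 1 s:/CN=thawte DV SSL CA - G2\n"
    "   i:/CN=thawte Primary Root CA\n" + _pem(1) +
    " 2 s:/CN=thawte Primary Root CA\n"
    "   i:/CN=Thawte Premium Server CA\n" + _pem(2) +
    " 3 s:/CN=Thawte Premium Server CA\n"
    "   i:/CN=Thawte Premium Server CA\n" + _pem(3) +
    "---\nServer certificate\n"
)

ENTRY = re.compile(
    r"^ *(\d+) s:([^\n]*)\n +i:([^\n]*)\n"
    r"(?: +\w:[^\n]*\n)*"  # tolerate extra "x:" detail lines before the PEM block
    r"(-----BEGIN CERTIFICATE-----\n[\s\S]*?-----END CERTIFICATE-----\n)",
    re.M)

def parse_chain(output):
    """Return [(depth, subject, issuer, pem), ...] in the order the server sent them."""
    text = output.replace("\r\n", "\n")  # output captured on Windows uses CRLF
    return [(int(d), s.strip(), i.strip(), pem) for d, s, i, pem in ENTRY.findall(text)]

def check_chain(chain):
    """Name-chaining check (text comparison, no signature check); [] means complete."""
    problems = []
    for (d, _, issuer, _), (_, nxt, _, _) in zip(chain, chain[1:]):
        if issuer != nxt:
            problems.append(f"depth {d}: next certificate is not {issuer!r}")
    if chain and chain[-1][1] != chain[-1][2]:  # top entry is not self-issued
        problems.append(f"missing top-level certificate {chain[-1][2]!r}")
    return problems

def build_bundle(chain):
    """Concatenate the PEM blocks in the order they appear in the output."""
    return "".join(pem for *_, pem in chain)

if __name__ == "__main__":
    chain = parse_chain(SAMPLE)
    print("3 certs, as shown by the browser:", check_chain(chain[:3]))
    print("4 certs, as sent by the server:  ", check_chain(chain))
    print(build_bundle(chain).count("BEGIN CERTIFICATE"), "certificates in bundle")
```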

Starting with build 7.00.131227A with a generation date later than 20/01/2016, a new property, lSSLInsecure, was added; it allows an anonymous SSL connection, if the server permits it.

The program changed to use this property, and its output, are shown below.

Code for the Web Service using TWsdlManager anonymous SSL
user Function tstwsdl()
  Local oWsdl := TWsdlManager():New()
  Local xRet
  
  // Anonymous SSL: no CA certificate file (cSSLCACertFile) is set
  oWsdl:lSSLInsecure := .T.
  
  xRet := oWsdl:ParseURL("https://preproducao.roadcard.com.br/sistemapamcard/services/WSPamcard?wsdl")
  if xRet == .F.
    conout( "Erro : " + oWsdl:cError )
  else
    conout( "Sucesso!" )
  endif
return

OpenSSL used

OpenSSL version 1.0.1m
