SSL Error calling a SOAP WebService with selfsigned certificate from AL

Posted on by 286
Good morning all.
 
With this program:

page 50110 pruebas
{
    PageType = Card;
    ApplicationArea = All;
    UsageCategory = Administration;
    Caption = 'Pruebas Tesoralia';

    layout
    {
        area(Content)
        {
            group(GroupName)
            {
                field(Url; gUrl)
                {
                    ApplicationArea = All;
                    Caption = 'URL';
                }
                field(user; gUser)
                {
                    ApplicationArea = All;
                    Caption = 'User';
                }
                field(pass; gPass)
                {
                    ApplicationArea = All;
                    Caption = 'Pass';
                }
            }
        }
    }

    actions
    {
        area(Processing)
        {
            action(getToken03)
            {
                ApplicationArea = All;

                trigger OnAction()
                var
                    client: HttpClient;
                    content: HttpContent;
                    response: HttpResponseMessage;
                    headers: HttpHeaders;
                    request: HttpRequestMessage;
                    respuesta: Text;
                begin
                    client.DefaultRequestHeaders.Add('SOAPAction', 'Login');
                    content.WriteFrom(composeBody());
                    content.GetHeaders(headers);
                    headers.Remove('Content-Type');
                    headers.Add('Content-Type', 'application/soap+xml; charset="utf-8"');
                    request.Method := 'POST';
                    request.SetRequestUri(gUrl);
                    request.Content := content;
                    if not client.Send(request, response) then
                        Error('Error en POST: %1', GetLastErrorText());
                    if not response.IsSuccessStatusCode then
                        Error('%1:%2', response.HttpStatusCode, response.ReasonPhrase);
                    response.Content.ReadAs(respuesta);
                    Message(respuesta);
                end;
            }
        }
    }

    var
        gRestClient: Codeunit "Rest Client";
        gUrl: Text;
        gUser: Text;
        gPass: Text;

    trigger OnOpenPage()
    begin
        gUrl := 'https://api.tesoralia.com/FinancialOnline/Financial.svc';
        gUser := 'UserTest';
        gPass := 'PasswordTest';
    end;

    local procedure composeBody(): Text
    var
        tb: TextBuilder;
    begin
        tb.AppendLine('<Envelope xmlns="http://www.w3.org/2003/05/soap-envelope">');
        tb.AppendLine('  <Body>');
        tb.AppendLine('    <Login xmlns="http://Tesoralia/Services/Financial/1.0">');
        tb.AppendLine('      <request>');
        tb.AppendLine('        <Login>' + gUser + '</Login>');
        tb.AppendLine('        <Password>' + gPass + '</Password>');
        tb.AppendLine('      </request>');
        tb.AppendLine('    </Login>');
        tb.AppendLine('  </Body>');
        tb.AppendLine('</Envelope>');
        exit(tb.ToText());
    end;
}

 

 

When executing the action GetToken3, regardless of whether the user and password are correct or not, in OnPrem I get this error:
The SSL connection could not be established, see inner exception.
The remote certificate is invalid because of errors in the certificate chain: RevocationStatusUnknown, PartialChain, OfflineRevocation
 
In a SaaS environment it works properly.
 
Thank you ever so much
  • Suggested answer
    VS-28080459-0 18 on at
    Instead, you can handle SSL certificate validation differently. Here are a few alternative approaches:
    Install the Certificate: Ensure the self-signed certificate is installed in the Trusted Root Certification Authorities store on the machine where the code is running.
     
    Use a Trusted Certificate: If possible, use a certificate issued by a trusted Certificate Authority (CA) to avoid these issues.
     
    Bypass SSL Validation: While not recommended for production, you can bypass SSL validation by configuring the HttpClient to ignore SSL errors. However, since AL doesn’t support ServerCertificateCustomValidationCallback, you might need to handle this differently, such as configuring the environment to trust the certificate.
     
    Custom AL Code: You might need to write custom AL code to handle the SSL validation. Unfortunately, AL doesn’t provide a direct way to bypass SSL validation like some other languages.
     
    Proxy Server: Use a proxy server that handles SSL termination. The proxy server can handle the SSL certificate validation, and your AL code can communicate with the proxy server over HTTP.
  • JJMc 286 on at
     
    client.ServerCertificateCustomValidationCallback := (sender, cert, chain, sslPolicyErrors) => true;
     
    The previous line does not exist in AL
  • Suggested answer
    VS-28080459-0 18 on at
    Install the Self-Signed Certificate:
    Ensure that the self-signed certificate is installed in the Trusted Root Certification Authorities store on the machine where the code is running. This can help the system recognize the certificate as trusted.

    Bypass SSL Validation:
    While not recommended for production environments due to security risks, you can bypass SSL validation for testing purposes. In AL, you can use the HttpClient to ignore SSL errors by setting the ServerCertificateCustomValidationCallback property.
    Here’s an example of how you might modify your code to bypass SSL validation:
     
    client := HttpClient.Create();
    client.DefaultRequestHeaders.Add('SOAPAction', 'Login');
    client.ServerCertificateCustomValidationCallback := (sender, cert, chain, sslPolicyErrors) => true;
    content.WriteFrom(composeBody());
    content.GetHeaders(headers);
    headers.Remove('Content-Type');
    headers.Add('Content-Type', 'application/soap+xml; charset="utf-8"');
    request.Method := 'POST';
    request.SetRequestUri(gUrl);
    request.Content := content;
    if not client.Send(request, response) then
        Error('Error en POST: %1', GetLastErrorText());
    if not response.IsSuccessStatusCode then
        Error('%1:%2', response.HttpStatusCode, response.ReasonPhrase);
    response.Content.ReadAs(respuesta);
    Message(respuesta);
     
    Check Certificate Chain:
    Ensure that the entire certificate chain is available and trusted. Sometimes intermediate certificates are missing, which can cause validation issues.
     
    Revocation Check:
    The error mentions RevocationStatusUnknown and OfflineRevocation. Ensure that the machine can access the Certificate Revocation List (CRL) endpoints. If the machine is offline or cannot reach these endpoints, it might fail the revocation check.
     
    Use a Valid Certificate:
    If possible, use a certificate issued by a trusted Certificate Authority (CA) instead of a self-signed certificate. This can avoid many of these issues.
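
Added example (not from the thread or from any poster): a PowerShell diagnostic for the chain errors quoted in the question. It rebuilds the certificate chain for the endpoint with online revocation checking and lists each certificate's status together with its CRL and AIA URLs. It assumes Windows PowerShell on the on-prem server and outbound access to the host named in the question's gUrl.

```powershell
# Added diagnostic sketch; run in PowerShell on the on-prem Business Central server.
param(
    [string]$HostName = 'api.tesoralia.com',  # host taken from gUrl in the question
    [int]$Port = 443
)

# 1. Fetch the certificate the server presents. The callback accepts it only so
#    it can be inspected; no request is sent over this connection.
$tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
try {
    $accept = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
    $ssl.AuthenticateAsClient($HostName)
    $leaf = [System.Security.Cryptography.X509Certificates.X509Certificate2]$ssl.RemoteCertificate
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Dispose()
}

# 2. Rebuild the chain with online revocation checking, which is what the
#    RevocationStatusUnknown and OfflineRevocation flags relate to.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'Online'
$chain.ChainPolicy.RevocationFlag = 'ExcludeRoot'
$valid = $chain.Build($leaf)
"Chain valid: $valid"
"Overall status: " + (($chain.ChainStatus | ForEach-Object Status) -join ', ')

# 3. Per-certificate view: which element fails, and which URLs the server must reach.
foreach ($el in $chain.ChainElements) {
    $cert = $el.Certificate
    "`nSubject: $($cert.Subject)"
    "Issuer : $($cert.Issuer)"
    "Status : " + (($el.ChainElementStatus | ForEach-Object Status) -join ', ')
    # 2.5.29.31 = CRL Distribution Points, 1.3.6.1.5.5.7.1.1 = Authority Information Access
    foreach ($oid in '2.5.29.31', '1.3.6.1.5.5.7.1.1') {
        $ext = $cert.Extensions[$oid]
        if ($ext) { $ext.Format($true) }
    }
}
# PartialChain: the Issuer of the last element printed is missing from the
# machine's certificate stores (intermediate or root not installed).
```

Run it under the account the Business Central Server service uses, since chain building also consults that account's certificate stores.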