web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Small and medium business | Business Central, N... / SSL Error calling a SO...
Small and medium business | Business Central, N...
Suggested Answer

SSL Error calling a SOAP WebService with selfsigned certificate from AL

(1) ShareShare
ReportReport
Posted on by JJMc 291
Good morning all.
 
With this program:

page 50110 pruebas
{
PageType = Card;
ApplicationArea = All;
UsageCategory = Administration;
Caption = 'Pruebas Tesoralia';
layout
{
area(Content)
{
group(GroupName)
{
field(Url; gUrl)
{
ApplicationArea = All;
Caption = 'URL';
}
field(user;gUser)
{
ApplicationArea = All;
Caption = 'User';
}
field(pass;gPass)
{
ApplicationArea = All;
Caption = 'Pass';
}
}
}
}

actions
{
    area(Processing)
    {
        action(getToken03)
        {
            ApplicationArea = All;
            trigger OnAction()
            var
                client: HttpClient;
                content: HttpContent;
                response: HttpResponseMessage;
                headers: HttpHeaders;
                request: HttpRequestMessage;
                respuesta: Text;
            begin
                client.DefaultRequestHeaders.Add('SOAPAction', 'Login');
                content.WriteFrom(composeBody());
                content.GetHeaders(headers);
                headers.Remove('Content-Type');
                headers.Add('Content-Type', 'application/soap+xml; charset="utf-8"');
                request.Method := 'POST';
                request.SetRequestUri(gUrl);
                request.Content := content;
                if not client.Send(request, response) then
                    Error('Error en POST: %1', GetLastErrorText());
                if not response.IsSuccessStatusCode then
                    Error('%1:%2', response.HttpStatusCode, response.ReasonPhrase);
                response.Content.ReadAs(respuesta);
                Message(respuesta);
            end;
        }
    }
}
var
    gRestClient: Codeunit "Rest Client";
    gUrl: Text;
    gUser: Text;
    gPass: Text;

trigger OnOpenPage()
begin
    gUrl := 'https://api.tesoralia.com/FinancialOnline/Financial.svc';
    gUser := 'UserTest';
    gPass := 'PasswordTest';
end;

local procedure composeBody(): Text
var
    tb: TextBuilder;
begin
    tb.AppendLine('<Envelope xmlns="http://www.w3.org/2003/05/soap-envelope">');
    tb.AppendLine('  <Body>');
    tb.AppendLine('    <Login xmlns="http://Tesoralia/Services/Financial/1.0">');
    tb.AppendLine('      <request>');
    tb.AppendLine('        <Login>' + gUser + '</Login>');
    tb.AppendLine('        <Password>' + gPass + '</Password>');
    tb.AppendLine('      </request>');
    tb.AppendLine('    </Login>');
    tb.AppendLine('  </Body>');
    tb.AppendLine('</Envelope>');
    exit(tb.ToText());
end;
 

}

 

 

When executing the action GetToken3 regardles the user and password are correct or not, in OnPrem I get this error:
The SSL connection could not be established, see inner exception.
The remote certificate is invalid because of errors in the certificate chain: RevocationStatusUnknown, PartialChain, OfflineRevocation
 
In a SaaS environment it works properly
 
Thank you ever so much
Categories:
Dynamics 365 Business Central
I have the same question (0)
  • Gerardo Rentería García Profile Picture
    Gerardo Rentería Ga... 25,154 Most Valuable Professional on at
  • Suggested answer
    VS-28080459-0 Profile Picture
    VS-28080459-0 18 on at
    Install the Self-Signed Certificate:
    Ensure that the self-signed certificate is installed in the Trusted Root Certification Authorities store on the machine where the code is running. This can help the system recognize the certificate as trusted.

    Bypass SSL Validation:
    While not recommended for production environments due to security risks, you can bypass SSL validation for testing purposes. In AL, you can use the HttpClient to ignore SSL errors by setting the ServerCertificateCustomValidationCallback property.
    Here’s an example of how you might modify your code to bypass SSL validation:
     
    client := HttpClient.Create();
    client.DefaultRequestHeaders.Add('SOAPAction', 'Login');
    client.ServerCertificateCustomValidationCallback := (sender, cert, chain, sslPolicyErrors) => true;
    content.WriteFrom(composeBody());
    content.GetHeaders(headers);
    headers.Remove('Content-Type');
    headers.Add('Content-Type', 'application/soap+xml; charset="utf-8"');
    request.Method := 'POST';
    request.SetRequestUri(gUrl);
    request.Content := content;
    if not client.Send(request, response) then
        Error('Error en POST: %1', GetLastErrorText());
    if not response.IsSuccessStatusCode then
        Error('%1:%2', response.HttpStatusCode, response.ReasonPhrase);
    response.Content.ReadAs(respuesta);
    Message(respuesta);
     
    Check Certificate Chain:
    Ensure that the entire certificate chain is available and trusted. Sometimes intermediate certificates are missing, which can cause validation issues.
     
    Revocation Check:
    The error mentions RevocationStatusUnknown and OfflineRevocation. Ensure that the machine can access the Certificate Revocation List (CRL) endpoints. If the machine is offline or cannot reach these endpoints, it might fail the revocation check.
     
    Use a Valid Certificate:
    If possible, use a certificate issued by a trusted Certificate Authority (CA) instead of a self-signed certificate. This can avoid many of these issues.
  • JJMc Profile Picture
    JJMc 291 on at
     
    client.ServerCertificateCustomValidationCallback := (sender, cert, chain, sslPolicyErrors) => true;
     
    The previous line does not exist in AL
  • Suggested answer
    VS-28080459-0 Profile Picture
    VS-28080459-0 18 on at
    Instead, you can handle SSL certificate validation differently. Here are a few alternative approaches:
    Install the Certificate: Ensure the self-signed certificate is installed in the Trusted Root Certification Authorities store on the machine where the code is running.
     
    Use a Trusted Certificate: If possible, use a certificate issued by a trusted Certificate Authority (CA) to avoid these issues.
     
    Bypass SSL Validation: While not recommended for production, you can bypass SSL validation by configuring the HttpClient to ignore SSL errors. However, since AL doesn’t support ServerCertificateCustomValidationCallback, you might need to handle this differently, such as configuring the environment to trust the certificate.
     
    Custom AL Code: You might need to write custom AL code to handle the SSL validation. Unfortunately, AL doesn’t provide a direct way to bypass SSL validation like some other languages.
     
    Proxy Server: Use a proxy server that handles SSL termination. The proxy server can handle the SSL certificate validation, and your AL code can communicate with the proxy server over HTTP.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Small and medium business | Business Central, NAV, RMS

#1
OussamaSabbouh Profile Picture

OussamaSabbouh 3,226

#2
Jainam M. Kothari Profile Picture

Jainam M. Kothari 2,047 Super User 2025 Season 2

#3
YUN ZHU Profile Picture

YUN ZHU 1,257 Super User 2025 Season 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans