Everytime I access the rest api from IE I recieve a certificate error. Even if I choose to download the certificate presented by the site, I continue to get the errors. I’ve been able to import our own signed certificate for Web Reports, but REST API seems to create it’s own certificate. Has anyone else had issues with this? What are my options to avoid the certificate errors?
I guess that is what I would like to do. Like I said I followed the process to import a signed certificate for the web reports server, how can I do the same for the REST API?
This does bring up the question, can you install a valid signed SSL certificate for the root server, so that it would not have this error?
This error message isn’t a Root Server error. Rather, the client, in your case Internet Explorer, cannot verify the SSL certificate. If you add the Root Server’s SSL certificate to the list of trusted certificates on Internet Explorer, you would no longer see this error message.
how can I do the same for the REST API?
The REST API is accessible via HTTP. The IEM command line tool we provide is simply a thin wrapper to the cURL command line tool. Currently, that tool does not have a built in trusted certificate store.
As jgstrew mentions, you could use the cURL command line tool with the option -k/–insecure. See http://curl.haxx.se/docs/sslcerts.html
for more details.
This error message isn’t a Root Server error. Rather, the client, in your case Internet Explorer, cannot verify the SSL certificate. If you add the Root Server’s SSL certificate to the list of trusted certificates on Internet Explorer, you would no longer see this error message.
This is incorrect. The issue is the Root Server’s SSL cert is not validly signed so it is rejected by default by all HTTP clients that validate SSL, as they should.
Telling an HTTP client to skip SSL validation or to install an unsigned SSL cert into every single clients’ certificate store so that it appears to be valid is not a solution, it is a very poor workaround.
The solution is for the Root Server’s SSL certificate to be valid in the first place. How do you install a validly signed SSL cert for IEMserver.organization.tld so that the Root Server’s SSL cert is not rejected? This is the question we are asking to solve the problem, not how to get around the problem.
This is incorrect. The issue is the Root Server’s SSL cert is not validly signed so it is rejected by default by all HTTP clients that validate SSL, as they should.
Yes, it is rejected because the Root Server’s SSL certificate is not a part of the client’s trusted certificate chain. Unless specified, the Root Server uses a self-signed SSL certificate that is not a part of Internet Explorer’s nor cURL’s default trusted certificate chain.
You can specify a different SSL certificate using the following client settings:
_BESRelay_HTTPServer_SSLCertificateFilePath, with value as the path to the SSL certificate