Instructions on how to create an SSL/TLS configuration in Cache...

Hello,

Can anyone please provide me with a guide I can follow to create an entry in Cache's SSL/TLS configuration that would allow me to "speak" to a website via the Post method using SSL?

I need to simulate functionality that is provided by my browser but from within Cache.

The topics I have are:

1. From where do I source the certificate that will be used for this process?

2. What processing must I do on it to make it acceptable for Cache's SSL/TLS?

3. What settings are required when filling in the form?

 

I have been reading on the %Net.HTTPRequest (thanks to @)

 

Thanks

Charles

 


Answers

Hello,

As I understand, you want to have Cache as a client, doing a post toward a secure web page.
For this you need to define an SSL "Client".

1. Go to "System Administration" --> "Security" --> "SSL/TLS configuration" --> "Create new configuration"

2. Give any name you want in "Configuration name" for example : SSL

3. Default values for "Type" = "client" and "Enabled"

4. Click the "Test" button (before saving), enter a web site (google.com), click "ok", then enter port = 443. You should get the following:

"SSL connection succeeded" 

5. Save the configuration.

Using that SSL with %Net.HttpRequest - https://irisdocs.intersystems.com/iris20191/csp/documatic/%25CSP.Documatic.cls?APP=1&LIBRARY=%25SYS&CLASSNAME=%25Net.HttpRequest

The trick is to use the "SSLConfiguration" property of the %Net.HttpRequest class to store the name of the SSL configuration you defined earlier.

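Here is some sample code:

Set Req = ##class(%Net.HttpRequest).%New()
Set Req.Server = "www.server.com"
// Https = 1 makes the request go over TLS (default port 443)
Set Req.Https = 1
// Name of the SSL/TLS configuration created above
Set Req.SSLConfiguration = "SSL"
Do Req.InsertFormData("name","value")
Do Req.Post("/location/path")
Set Res = Req.HttpResponse
// Only print the response if one was actually received
If $IsObject(Res) Do Res.OutputToDevice()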

 

This will connect and works for testing, but for a production configuration you should also edit the configuration so that it checks the server's certificate.  If you don't, the configuration will connect without an error even if someone is pretending to be the server you're trying to connect to.  Since you're setting up TLS, that's probably not what you want.

To do this, change the "Server certificate verification" setting from 'none' to 'require' and then fill in the name of the file which contains the certificate authority (CA) certificate for the server you're connecting to in the "File containing trusted Certificate Authority certificate(s)" field.  The certificate should be in PEM format, and the file may contain multiple certificates if you want to include more than one.
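
The setup from both answers done in code instead of the Management Portal, as an added example that is not part of either answer: it creates a client configuration with server certificate verification set to 'require' and then posts through it. The class name Demo.VerifiedPost, the configuration name and the CA file path passed in are hypothetical placeholders; creating the configuration requires an account allowed to administer security.

```objectscript
/// Added example; class and method names are hypothetical.
Class Demo.VerifiedPost
{

/// Create (or update) a client SSL/TLS configuration that verifies the server.
/// caFile is the PEM file holding the trusted CA certificate(s).
ClassMethod EnsureConfig(name As %String, caFile As %String) As %Status
{
    // Security.SSLConfigs lives in %SYS; NEW restores the namespace on exit
    New $NAMESPACE
    Set $NAMESPACE = "%SYS"
    Set props("Type") = 0         // 0 = client
    Set props("Enabled") = 1
    Set props("VerifyPeer") = 1   // 1 = require, 0 = none
    Set props("CAFile") = caFile
    If ##class(Security.SSLConfigs).Exists(name) {
        Set sc = ##class(Security.SSLConfigs).Modify(name, .props)
    } Else {
        Set sc = ##class(Security.SSLConfigs).Create(name, .props)
    }
    Quit sc
}

/// POST one form field over TLS using the named configuration.
ClassMethod Post(server As %String, path As %String, config As %String) As %Status
{
    Set req = ##class(%Net.HttpRequest).%New()
    Set req.Server = server
    Set req.Https = 1
    Set req.SSLConfiguration = config
    // Also require the certificate's name to match req.Server
    Set req.SSLCheckServerIdentity = 1
    Do req.InsertFormData("name","value")
    Set sc = req.Post(path)
    If $$$ISERR(sc) {
        // A failed chain or name check surfaces here instead of a silent connect
        Do $SYSTEM.Status.DisplayError(sc)
        Quit sc
    }
    Write "HTTP status: ", req.HttpResponse.StatusCode, !
    Quit sc
}

}
```

Pointing caFile at a PEM file that does not contain the server's issuing CA makes Post() return an error status, which is the failure the 'none' setting would have hidden.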