Question
Martin Staudigel · Nov 22

Is it possible to disable certificate validation on a HS.FHIRServer.RestClient.HTTP Endpoint

Hello Community,

When trying to send HS.FHIRServer.Interop.Request objects to an external FHIR server, I get errors: ERROR #6156: No match between server name '...' and SSL certificate values '...'. The reason is pretty clear, the problem is that we don't get correct certificates in time, but have some pressure to go live with the interface.

In the SSL/TLS Configuration "Server certificate validation" is set to none. Is there a way to temporarily disable this kind of certificate validation (sending unencrypted via http is no option) in the service settings, or anywhere else? 

Thanks for your help, regards,

Martin

Product version: IRIS 2021.1
$ZV: IRIS for UNIX (SUSE Linux Enterprise Server for x86-64) 2021.1 (Build 215U) Wed Jun 9 2021 09:48:27 EDT

Hi @Martin Staudigel 

Create a custom client class, then override the method InvokeRequest. In the method, set the property SSLCheckServerIdentity of the private property %HttpRequest to false.

Below is a simple example:

Class User.FHIRRestClient Extends HS.FHIRServer.RestClient.HTTP
{

/// @API.Overridable<br>
/// InvokeRequest takes the Private %HttpRequest object - passed in as pRequest here -
/// and invokes the request. The HTTP response is stored as the HttpResponse property
/// of the HTTP request object. This method returns a reference to that property.<br>
/// @Input pRequest %Net.HttpRequest object.<br>
/// @Input pRequestMethod HTTP verb.<br>
/// @Input pPayload Input payload content, can be FHIR resource content or Patch content.<br>
/// @Input pRequestPath Request path, as derived by the invoked interaction-specific method.<br>
/// @Input pQueryString Query string, as derived by the invoked interaction-specific method.
Method InvokeRequest(pRequest As %RegisteredObject, pRequestMethod As %String, pRequestPath As %String, pQueryString As %String) As %RegisteredObject
{
  Set ..%HttpRequest.SSLCheckServerIdentity = 0
  Return ##Super(pRequest, pRequestMethod, pRequestPath, pQueryString)
}

}

Hi Cristiano,

I took your idea and (simplified) added a property and setting 'CheckServerIdentity', which is set to 1 by default, to the custom business operation, to make this setting available over the settings menu. Works like a charm!

Thanks a lot for your help!

Regards,

Martin
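
An added example, not part of the thread and not InterSystems code: a simplified form of the RFC 2818 section 3.1 name comparison, the kind of check that reports ERROR #6156 and that `SSLCheckServerIdentity = 0` in the answer above switches off. It runs offline on a constructed certificate in the layout of Python's `ssl.SSLSocket.getpeercert()`; the host names and helper names are assumptions for illustration.

```python
# Added example: offline check of a configured server name against the
# names in a certificate. Certificate and host names are constructed data.

def cert_dns_names(cert):
    """Return the DNS names a certificate is valid for.

    `cert` uses the dict layout returned by ssl.SSLSocket.getpeercert().
    subjectAltName DNS entries take precedence; the subject commonName is
    only consulted when no DNS SAN is present (RFC 2818 section 3.1).
    """
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]


def name_matches(pattern, host):
    """Case-insensitive match; '*' may only replace the whole left-most label.

    Partial wildcards such as 'f*.example.org' are compared literally.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Require at least two fixed labels so "*.com" never matches.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def diagnose(cert, configured_host):
    """Return (ok, names): whether any certificate name covers the host."""
    names = cert_dns_names(cert)
    return any(name_matches(n, configured_host) for n in names), names


# Constructed sample: an interim certificate issued for a different name.
SAMPLE_CERT = {
    "subject": ((("commonName", "fhir-interim.example.org"),),),
    "subjectAltName": (("DNS", "fhir-interim.example.org"),
                       ("DNS", "*.staging.example.org")),
}

if __name__ == "__main__":
    for host in ("fhir.example.org", "api.staging.example.org"):
        ok, names = diagnose(SAMPLE_CERT, host)
        print(f"{host}: {'match' if ok else 'MISMATCH'} against {names}")
```

Running the same comparison against the names in the real endpoint's certificate shows which server name would pass with the identity check left at its default.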