Using NotesHTTPRequest with Self Certified Target Fails

Mindwatering Incorporated

Author: Tripp W Black

Created: 11/21/2020 at 01:25 AM


Domino Server Issues Troubleshooting

A script that makes an HTTP request via NotesHTTPRequest fails with an SSL error message.

Message similar to our custom one:
Unexpected error: 4848, line: nn, Problem with SSL, please enable debug trace setting Debug_NotesHTTPRequest for more information.

Solution A:
Give the target a trusted (public/third-party) SSL certificate.

Solution B:
If the target server has to use a self-certified certificate, you can work around this issue by adding the CA PEM chain to the Domino server.

Part A: Get the self-certified CA (root) PEM chain
1. Navigate to the target server with the self-cert.

2. Click the browser lock icon.

3. Choose the option, typically "More information", to view the certificate.

4. Choose the CA (root chain) PEM certificate and download it.

Part B: Download the cacert.pem file from the /local/notesdata folder to the local workstation that holds the self-certified cert downloaded in Part A above.
1. Using FileZilla or some other tool, log in as the notes user and download the file /local/notesdata/cacert.pem

2. Open both files in a text editor like Atom.

3. Copy the contents of the self-certified CA chain -- typically two sections -- into the Domino cacert.pem file.

4. With a terminal session on the Domino server, make a copy of the Domino server's cacert.pem.
$ ssh
<enter password>
notes $ cd /local/notesdata/
notes $ cp cacert.pem cacert_backup.pem

5. Using FileZilla, transfer the updated cacert.pem up to the Domino server. Take the option to overwrite the original file.

Try using the remote page again.
In our case with R11.0.1, we did NOT have to restart the HTTP services. The updated PEM contents were immediately available.
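
The copy, backup and overwrite steps of Part B done by script rather than by hand, as an added example that is not part of the original note: it appends only certificates whose SHA-256 fingerprint has been confirmed with the target's administrator, skips any already in the bundle, and makes the same cacert_backup.pem copy first. The function names and the fingerprint check are assumptions of this example, not Domino features.

```python
import hashlib, os, re, shutil, ssl, tempfile

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def fingerprints(pem_text):
    """Return {sha256-of-DER hex: PEM block} for each certificate, in file order."""
    found = {}
    for block in PEM_BLOCK.findall(pem_text):
        der = ssl.PEM_cert_to_DER_cert(block)
        found[hashlib.sha256(der).hexdigest()] = block
    return found

def merge_ca_chain(bundle_path, chain_path, expected_sha256):
    """Append the certificates in chain_path that bundle_path lacks.

    expected_sha256: fingerprints confirmed with the target's administrator
    (colons and upper case, as browsers display them, are accepted).
    Returns the fingerprints appended; [] means the bundle was left untouched.
    """
    expected = {fp.replace(":", "").lower() for fp in expected_sha256}
    with open(chain_path) as f:
        chain = fingerprints(f.read())
    if not chain:
        raise ValueError("no certificate blocks found in " + chain_path)
    unexpected = set(chain) - expected
    if unexpected:
        raise ValueError("unverified certificate(s): " + ", ".join(sorted(unexpected)))
    with open(bundle_path) as f:
        bundle = f.read()
    have = fingerprints(bundle)
    new = [fp for fp in chain if fp not in have]
    if not new:
        return []
    # Same backup name the page uses: cacert.pem -> cacert_backup.pem
    root, ext = os.path.splitext(bundle_path)
    shutil.copy2(bundle_path, root + "_backup" + ext)
    merged = bundle.rstrip("\n") + "\n" + "".join(chain[fp] + "\n" for fp in new)
    # Write beside the bundle, then rename, so a reader never sees a half-written file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(bundle_path) or ".")
    with os.fdopen(fd, "w") as f:
        f.write(merged)
    shutil.copymode(bundle_path, tmp)
    os.replace(tmp, bundle_path)
    return new

if __name__ == "__main__":
    import sys  # usage: script.py cacert.pem chain.pem FINGERPRINT [FINGERPRINT ...]
    print(merge_ca_chain(sys.argv[1], sys.argv[2], sys.argv[3:]))
```

Every CA added to cacert.pem is trusted for any host it signs, so the fingerprints passed in should come from the target's administrator rather than from the same browser session that downloaded the chain.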

SSL TLS HTTP Rest Debug Trace Setting
createhttprequest "problem with ssl"
