Re: HTTPS connections

[Scott Klement <midrange-l@xxxxxxxxxxxxxxxx>]

Hi Rick,

What you are describing is actually the default behavior. HTTPAPI does 
not send a certificate unless you set up an application identifier in 
the digital certificate manager, and then configure that app id for a 
client certificate.

The use of clients-side certificates is unusual.

Please be sure you are not confusing client-side certificates with CA 
certificates. :-)  If you are thinking that they are required, it is 
more likely that you are thinking of CA certificates.

-SK


On 6/25/2021 2:31 PM, Rick Rauterkus wrote:
> Hello all,
>
> We have used Scott's HTTPAPI for years to consume various web services
> without any issues.  This includes both HTTP and HTTPS connections.  But in
> setting up a new one recently, we could not complete the connection.  After
> a lot of troubleshooting, we have finally determined that they did not like
> our certificate.  So they are asking us to not use a certificate.
>
> Now I was under the impression that the certificate was required for a
> HTTPS connection.  But they are saying that since their server is providing
> a signed certificate to us, that we do not need to present a certificate.
>
> So my question is, is there a way using HTTPAPI to not use a certificate
> when connecting?  I reviewed the various procedures that HTTPAPI provides,
> but did not find anything that I thought could help.
>
> I know it calls the system APIs to do the communication, so maybe there is
> something there that could do this?  But then I fear that would affect all
> our web service calls.  I've never had to do anything special with
> certificates for the other connections, so maybe we don't need a cert for
> them either?
>
> Thank you for any advice you can provide!
> Rick