Unable to consume my own REST API (Could not establish trust relationship)


In our OutSystems Cloud development environment I have built a very simple application, consisting of 2 modules.

In the first (home) module I defined an entity, Employee, as well as 2 exposing REST services, AllEmployees to return all employees, and GetEmployee to return a specific employee. Published the module, and everything works fine. I tested the exposing REST services by entering the URL in the browser as well as in the browser plugin Postman, both returning the correct JSON output.

So far so good.

Then I added a second module (in the same app), in which I consume both defined exposing REST services. I added a web screen using the output list of the AllEmployees service. Deployed the module and no errors.

And here my problem occurred ....

Executing the web screen displaying the output list of the AllEmployees call results in an internal error when the preparation calls the REST service. The error log displays the message: "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel" with the detail information listed at the bottom of this post.

Of course I searched for this error message and found some posts about installing certificates, for example https://www.outsystems.com/forums/discussion/5690/web-services-could-not-establish-trust-relationship-for-the-ssl-tls/
But I really don't get this. It's all happening within the same (OutSystems) cloud server, the same application. It shouldn't be so hard to consume such a simple REST service I defined myself?

I hope someone can point me in the right direction.

= = = = = = =

Detail error information

Id: d1ce0b35-3dc5-4843-aec4-cd8d1ca56469
Time of Log: 2017-03-25 17:24:58
eSpace: CBETMANconsumeJSON
Tenant:
   
Users
User: (7)
Session Id: w0kqjei0hf44t2x4itvshffn
Server: S20SR-LT2SFO
Module:
   
Message:
   
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Environment Information
eSpaceVer: 4 (Id=350, PubId=387, CompiledWith=10.0.405.0)
RequestUrl: https://quobell-dev.outsystemscloud.com/CBETMANconsumeJSON/Home.aspx?_ts=636260630994783266 (Method: GET)
AppDomain: /LM/W3SVC/19/ROOT/CBETMANconsumeJSON-82-131349361400860209
FilePath: C:\OutSystems\Sandboxes\LHSR91016\Platform Server\running\CBETMANconsumeJSON\Employees.aspx
ClientIp: 83.87.6.115
Locale: en-US
DateFormat: yyyy-MM-dd
PID: 11592 ('w3wp', Started='3/23/2017 2:47:42 PM', Priv=974Mb, Virt=18683Mb)
TID: 126
Thread Name:
.NET: 4.0.30319.42000
Stack:
   
[1] The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
   at ssCBETMANconsumeJSON.CcOutsystemsdevQuobell.ActionGetEmployee(HeContext heContext, ICcOutsystemsdevQuobellCallbacks _callbacks, String inParamEmpNum, STAllEmployeesStructure& outParamResponse)
   at ssCBETMANconsumeJSON.Flows.FlowMainFlow.ScrnEmployees.Preparation(HeContext heContext)
   at ssCBETMANconsumeJSON.Flows.FlowMainFlow.ScrnEmployees.Page_Load(Object sender, EventArgs e)
   at System.Web.UI.Control.OnLoad(EventArgs e)
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

[2] The remote certificate is invalid according to the validation procedure.
   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
   at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.ConnectStream.WriteHeaders(Boolean async)

Can you share both OMLs?

Could be something silly.

Did you test it with SSL turned off?


Hi J., could be something silly ... and silly it was :-)

While experimenting with your suggestion to turn off the SSL I found the error ... after copying the app from our on-premise environment to our OutSystems cloud development environment I forgot to alter the BASE URL for the consuming REST services. So this was still pointing to our on-premise environment, thus causing the problem most probably.

After altering the BASE URL to our cloud environment, it worked, with and without SSL.

(This) problem solved J., thnx :-)
Perhaps I'll get back to you because our problems started on our on-premise environment ... I'll have to look into that some more.
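
Added example, not part of the original posts and not OutSystems code: a small .NET console check that connects to the host of a configured base URL and prints which certificate it presents and why the chain is rejected, which makes a base URL pointing at the wrong environment visible without switching SSL off. The class name TlsTrustCheck and the command-line usage are assumptions; validation is never bypassed, the callback only reports and then applies the default rule.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper: run as  TlsTrustCheck.exe <base-url-of-the-consumed-REST-service>
static class TlsTrustCheck
{
    static int Main(string[] args)
    {
        if (args.Length != 1 || !args[0].StartsWith("https://", StringComparison.OrdinalIgnoreCase))
        {
            Console.Error.WriteLine("usage: TlsTrustCheck https://host[:port]/path");
            return 2;
        }
        var uri = new Uri(args[0]);
        Console.WriteLine("Base URL resolves to host {0}, port {1}", uri.Host, uri.Port);

        using (var tcp = new TcpClient(uri.Host, uri.Port))
        using (var tls = new SslStream(tcp.GetStream(), false, Report))
        {
            try
            {
                // Host name is checked against the certificate, as for a normal HTTPS call.
                tls.AuthenticateAsClient(uri.Host);
                Console.WriteLine("Handshake OK: certificate is trusted for this host.");
                return 0;
            }
            catch (AuthenticationException ex)
            {
                // Same failure the platform logs as "Could not establish trust relationship".
                Console.WriteLine("Handshake rejected: " + ex.Message);
                return 1;
            }
        }
    }

    // Prints what the server presented, then accepts only when there are no policy errors.
    static bool Report(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        Console.WriteLine("Subject : " + (cert == null ? "(none)" : cert.Subject));
        Console.WriteLine("Issuer  : " + (cert == null ? "(none)" : cert.Issuer));
        Console.WriteLine("Errors  : " + errors);
        if (chain != null)
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.WriteLine("  chain: {0} - {1}", s.Status, s.StatusInformation.Trim());
        return errors == SslPolicyErrors.None;
    }
}
```

RemoteCertificateNameMismatch in the output means the certificate belongs to a different host name than the one in the base URL; RemoteCertificateChainErrors with an UntrustedRoot or PartialChain status means the issuing CA is not in the trust store of the machine making the call.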


In our on-premise environment I turned off SSL as J. suggested, and now the REST service call works fine!

Means I have to ask the DBA who configured our on-premise environment to have a look into this.

Calling the REST service with SSL turned on results in the error log message "sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" with an extensive error detail. (see attached file)

Anyone who can pinpoint the problem? That would be nice :-)