Hi All,
I am trying a POC in my personal environment on consuming REST API.
When I test the API its throws following error: "Could not establish trust relationship for the SSL/TLS secure channel"
I cannot configure the SSL certificate in OutSystems personal environment of consumed application, so can we Disable SSL for Integrations.
Regards,
Vinod
Hi Vinod Kumar,
I believe it is not possible to disable SSL/TLS for consumed web services. Only for exposed web services.
You can find more information about this issue at this link:
https://success.outsystems.com/Support/Troubleshooting/Application_runtime/Could_not_establish_trust_relationship_when_consuming_webservices_in_OutSystems
But, I think that because it is a personal environment, it should not be possible to install a third-party certificate.
Pedro Costa
Hi @Pedro Costa ,
I have used the following "REST Ignore Certificates" forge component in REST API OnBeforeRequest Advanced with this logic it stopped throwing the SSL certificate error.
However in Get method it started throwing 403 exception. Any thoughts on this.?
It is typically not advised to disable SSL certificate validation as this can leave your application vulnerable to security flaws like man-in-the-middle attacks. You may, however, decide to temporarily forego SSL certificate validation in some development or testing situations where it is neither practical nor required.
Disabling SSL certificate validation for integrations through a configuration setting is not possible in OutSystems directly. Nevertheless, you can accomplish this by adding custom code that ignores problems in the SSL certificate. Here's a basic strategy:
Implement custom code:- To prevent SSL certificate validation while submitting requests to the REST API, use custom code. For instance, in.NET, you can accomplish this by configuring the ServicePointManager.The ServerCertificateValidationCallback attribute should be set to a function that yields true in every case.
Use a custom HTTP client:- Create a custom module or extension that encapsulates the HTTP request logic and use it in place of OutSystems' integrated HTTP client. Put the code to deactivate SSL certificate validation in this custom HTTP client.
Handle SSL errors gracefully:- Even when disabling SSL certificate validation, it's important to handle SSL errors gracefully in your application. Log any SSL-related errors for debugging purposes and consider implementing fallback mechanisms in case of SSL-related failures.
Always use this method sparingly and only in settings where it is not practical or required to validate SSL certificates. Make sure that in any environment where security is an issue, such as production, SSL certificate checking is enabled.