I have successfully consumed a HTTPS web service via LotusScript by importing WSDL using the 8.5 Designer. I developed an agent to utilize the web service in LotusScript using the 8.5 Designer client. The web service uses HTTPS, so during my testing I received a cross certificate dialog and cross certified the web service in my local address book. So far so good …
I deployed the web service on the Domino Server expecting to create an internet cross certificate as I did on my client. I created a cross certificate in the Domino Directory using the Organization certifier just to be sure. However, when I call the web service I receive the following error:
30/07/2009 18:18:29 HTTP Server: Agent ‘Serasa Test’ error: Web Service WsgestordecisaoSoap_n0 method AnalisarCredito error Error connecting to ‘gw-homologa2.serasa.com.br’ on port ‘443’, SSL Error: Keyring file not found
I created a self certified keyring and configured the server for SSL. The HTTP server shows it is listening on port 443 and correctly answers on HTTPS. However, I still receive the same error message. I tried to create the same type of internet cross certificate on the client using the organization certifier and it works just fine running the web service from the UI. I have even tried running the web service from a Domino Designer client installed directly on the server and it works perfect in the UI.
I even tried creating an internet cross certificate issued by the server itself. But still no luck. What Keyring file is the web service referring to?
Does anyone have any idea how to solve this issue? Any help would be appreciated.
We were encountering the same issue with our Domino 8.0.2 server in that SSL was working fine for other things but we could not get a web service consumer to work, it always produced the “SSL Error: Keyring File access error” message.
We finally found through the use of the SSL_TRACE_KEYFILEREAD = 1 notes.ini parameter that when executing a web service consumer on a Domino server it requires access to a key file as defined in the Server doc, not as defined in Web Site docs. I believe the ring file must also contain a trusted root that can match to the SSL cert from the Web-Service host.
To make it worse the field that defines the location of the key file name in the server doc will be hidden (in the Internet Ports section) if you have set the “Load Internet configurations from Server\Internet Sites documents” field to “Enabled” in the basics tab.
Since we had not changed the default in our server doc, it was looking for a “keyfile.kyr” file, while our key file had been installed with a different name, and correctly configured in our Web Site doc.
Setting the “Load Internet configurations from Server\Internet Sites documents” to disabled in the server doc, then setting the key ring file name to match the installed file name, and then resetting the “Load Internet configurations from Server\Internet Sites documents” to backed to enabled and saving the doc, solved the problem.
We still have a minor issue that we cannot get the web service consumer to work on the same server as the web service itself (for testing). We can get web service consumers to work from one Domino server to another, and from a Domino server to a non-Domino host, but not to a host on the same server. It produces cross certification error message that we do not seem able to solve regardless of which internet cross certificates we create…