SSL Error in api call (works with one server and d... - Qlik Community

parviz_asoodehfard · ‎2020-07-14

I would like to know, is it important who verified the SSL certificate? I have two Qlik servers and one of them works with API call correctly and another does not. I explained the error message and the difference between two machines. Can you tell me if this difference raise that error or I should look for something else?

The Error message which I get from calling qlik API (by pthon) says :

in send raise SSLError(e, request=request) requests.exceptions.SSLError: HTTPSConnectionPool(host='qlik-11.xxx.xxxx.ca', port=4242): Max retries exceeded with url: /qrs/task/start/synchronous?name=ReloadTrigger&xrfkey=1234567890123456 (Caused by SSLError(SSLError("bad handshake: SysCallError(10054, 'WSAECONNRESET')")))

I know there is one difference between 2 servers. It's on the SSL certificate. They set up by two different people. Both have a valid SSL certificate but with different properties for verified.

The main difference is who verified them. They are like this:

website: bisb-02.xxx.xxxx.ca
verified by: bisb-02.xxx.xxxx.ca-CA
python result: work correctly

The result of cURL on those Qlik URL is like this:

C:\>curl -v https://bisb-02.xxx.xxxx.ca:4242

* Rebuilt URL to: https://bisb-02.xxx.xxxxx.ca:4242/
* Trying 10.xx.xx.58...
* TCP_NODELAY set
* Connected to bisb-02.xxx.xxx.ca (10.xx.xx.58) port 4242 (#0)
* schannel: SSL/TLS connection with bisb-02.xxxx.xxxxx.ca port 4242 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 189 bytes...
* schannel: sent initial handshake data: sent 189 bytes
* schannel: SSL/TLS connection with bisb-02.xxxx.xxxx.ca port 4242 (step 2/3)
* schannel: failed to receive handshake, need more data
* schannel: SSL/TLS connection with bisb-02.xxxx.xxxx.ca port 4242 (step 2/3)
* schannel: encrypted data got 1847
* schannel: encrypted data buffer: offset 1847 length 4096
* schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.
* Closing connection 0
* schannel: shutting down SSL/TLS connection with bisb-02.xxx.xxx.ca port 4242
* schannel: clear security context handle
curl: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.

############################################################

website: qlik-11.xxx.xxxx.ca
verified by: XXXX-EnterpriseRootCA
python result: raise the error

C:\>curl -v https://qlik-11.xxx.xxxx.ca:4242

* Rebuilt URL to: https://qlik-11.xxx.xxx.ca:4242/
* Trying 10.xx.xx.59...
* TCP_NODELAY set
* Connected to qlik-11.xxx.xxx.ca (10.xx.xx.59) port 4242 (#0)
* schannel: SSL/TLS connection with qlik-11.xxx.xxx.ca port 4242 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 189 bytes...
* schannel: sent initial handshake data: sent 189 bytes
* schannel: SSL/TLS connection with qlik-11.xxx.xxx.ca port 4242 (step 2/3)
* schannel: failed to receive handshake, need more data
* schannel: SSL/TLS connection with qlik-11.xxx.xxx.ca port 4242 (step 2/3)
* schannel: failed to receive handshake, SSL/TLS connection failed
* Closing connection 0
* schannel: shutting down SSL/TLS connection with qlik-11.xxx.xxx.ca port 4242
* Send failure: Connection was reset
* schannel: failed to send close msg: Failed sending data to the peer (bytes written: -1)
* schannel: clear security context handle
curl: (35) schannel: failed to receive handshake, SSL/TLS connection failed

SSL Error in api call (works with one server and doesn't with another)