question

Upvotes
Accepted
37 1 1 6

Error 2002 Certificate validation error. self signed certificate in certificate chain

EMA C++ 2.0.3 on Centos 8 (docker)

Run the consumer example 450, got error below:

Error Location /local/jenkins/workspace/ESDKCore_RCDEV/OS/RH8-64/rcdev/source/rtsdk/Cpp-C/Eta/Impl/Reactor/rsslReactorWorker.c:1241

Error Text </local/jenkins/workspace/ESDKCore_RCDEV/OS/RH8-64/rcdev/source/rtsdk/Cpp-C/Eta/Impl/Transport/ripcsslutils.c:1037> Error: 2002 Certificate validation error. OpenSSL Return code: self signed certificate in certificate chain

Tried the command line: openssl s_client -showcerts -connect amer-3-t1.streaming-pricing-api.refinitiv.com:14002 , then got the output: cert_output.txt

Nothing special, and I also checked the thread below if any idea,

https://community.developers.refinitiv.com/questions/66332/enabled-ads-server-encryption-but-fail-to-connect.html

Could you please advise me? Thanks.

c++centosdockeropenssl
cert-output.txt (11.2 KiB)
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Upvotes
Accepted
20.3k 73 10 20

Hi @Frederic

If it is a customer issue, then it could be OpenSSL library issue OR they are trying to connect from behind a Proxy.

If a Proxy, then the client should speak to their internal network security - who can also raise a ticket with the RTO team via My.Refinitiv - they can help with Proxy connectivity type queries.


icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Upvotes
20.3k 73 10 20

Hi @Frederic

Has this started occurring recently? Was it working fine previously?

If so, was the new ZScaler security tool installed on your PC by Refinitiv Security?

One of my colleagues whose PC was updated with ZScaler can no longer connect to Real-Time Optimised either.

Zscaler information page and FAQs

If so, Raise a ticket for the Zscaler team.. Request to whitelist Domain / URL - Service Portal (service-now.com)


If the above is not the case and/or you are asking on behalf of a customer -

  • it could be the customer is connecting through a Proxy
  • OR your OpenSSL libraries on your Centos build are out of date perhaps?
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Thanks @umer.nalla . The customer found the issue described above first running on his CentOS docker, I have also asked him to check again after running yum reinstall -y ca-certificates, waiting his response.

Click below to post an Idea Post Idea