Discover Refinitiv
MyRefinitiv Refinitiv Perspectives Careers
Created with Sketch.
All APIs Questions & Answers  Register |  Login
Ask a question
  • Questions
  • Tags
  • Badges
  • Unanswered
Search:
  • Home /
  • Screening /
  • World-Check One /

For a deeper look into our World Check One API, look into:

Overview |  Quickstart |  Documentation |  Downloads

avatar image
Question by francesco.pizzolato · May 17, 2019 at 01:08 PM · world-checkworld-check-onesslcertificate

How can I download the service certificates?

Dear Support Team

I need to add the service certificates to the truststore of my application server as the server will be able to access just to your service as we have some policy constraints.

Normally we use openssl or directly the browser but with your service we are not able to achieve the result because we receive a HTTP 401 without any ssl handshake.

Could you please advice me on how to download the certificates? or may be you can provide them via email?

Thanks and Kind regards

People who like this

0 Show 3
Comment
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

avatar image
francesco.pizzolato · May 21, 2019 at 07:40 AM 0
Share

Hi,

as AV84 said, we already have the OUR ceritficates, but we need to have a copy of YOUR certificates.

That is the case because we use a trustore

A truststore contains certificates from other parties that you expect to communicate with, or from Certificate Authorities that you trust to identify other parties.

We will not be able to connect to you if we don't have your certificates because the connectivity is established by our server only if your certificates are present in our truststore.


Normally we download the certificates directly form the website :

but being that your HTTPS server does not allow connection via browser we need them directly from you.

I hope this explains.

2019-05-21-13-39-00.png (5.4 KiB)
avatar image
REFINITIV
Irfan.Khan ♦♦ francesco.pizzolato · May 21, 2019 at 07:44 AM 0
Share

@francesco.pizzolato

Thank you for the explanation.

Please allow me some time to get back with updates on this.

avatar image
francesco.pizzolato · May 21, 2019 at 07:43 AM 0
Share

Hi we are connecting via Postman please sse my other comment

6 Replies

  • Sort: 
avatar image
REFINITIV
Best Answer
Answer by Irfan.Khan · May 30, 2019 at 05:09 AM

@francesco.pizzolato

We can’t recommend this installing of the certificates as we may update or change certificates without customer notification and with them trusting our current certificate only, your API integration would break.

It seems when the user just points at the browser, you get a connection reset, which is interesting and rather un-useful for getting the cert.

The OpenSSL command appears to work. I would suggest AVALOQ executes the command their end to validate the certificate rather than we supplying it via insecure means.

Again though, this is not supported, and it will break when certificates are changed.

Comment

People who like this

0 Show 0 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

avatar image
REFINITIV
Answer by Irfan.Khan · May 20, 2019 at 07:41 AM

@francesco.pizzolato

SSL certificates compatible with TLSv1.2 should be perfect to connect successfully to the WC1 API.

Request you to check the below link for more information:

https://www.ssl2buy.com/wiki/ssltls-deployment-best-practices

Kindly note we do not provide SSL certificates, but expect the clients to get it from a certificate authority. For example: digi cert.

Comment

People who like this

0 Show 0 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

avatar image
REFINITIV
Answer by Av84 · May 21, 2019 at 06:50 AM

Hi @Irfan.Khan, Speaking with Francesco, I can see that they are unable to connect to our API still once their application is in the server due to the cert issue.

I think they already procured their SSL certs from a CA, however the handshake is not happening. Do we know why that is the case? Anything to do with our root certificate validation or something?

Comment

People who like this

0 Show 0 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

avatar image
REFINITIV
Answer by Irfan.Khan · May 21, 2019 at 07:33 AM

@francesco.pizzolato @Av84

Request you to provide me the complete error message that you are getting when connecting to the WC1 API.

Also, please provide me the request headers, response headers, date header value (in GMT) and the response code of the failed request so that I can cross check.

Request you to provide the certificate details installed too.

Comment

People who like this

0 Show 2 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

avatar image
francesco.pizzolato · May 21, 2019 at 07:44 AM 0
Share

Hi,

as AV84 said, we already have the OUR ceritficates, but we need to have a copy of YOUR certificates.

That is the case because we use a trustore

A truststore contains certificates from other parties that you expect to communicate with, or from Certificate Authorities that you trust to identify other parties.

We will not be able to connect to you if we don't have your certificates because the connectivity is established by our server only if your certificates are present in our truststore.


Normally we download the certificates directly form the website :

but being that your HTTPS server does not allow connection via browser we need them directly from you.

I hope this explains.

avatar image
francesco.pizzolato · May 21, 2019 at 07:45 AM 0
Share

We know the error message, and we know how to solve it. we just need your certificates...

avatar image
REFINITIV
Answer by Av84 · May 22, 2019 at 05:54 AM

Hi @Irfan.Khan,

Based on what is mentioned by Franceso, can you please let me know what we are missing here?

Kind Regards,

-- Aravind

Comment

People who like this

0 Show 0 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

avatar image
REFINITIV
Answer by Irfan.Khan · May 22, 2019 at 08:28 AM

@Av84 @francesco.pizzolato

Kindly note that our certificates are signed by public CAs so if the client have procured their certificates from a CA and they trust our certificates so you should be able to connect to our API server without a problem.

As we have public keys, our certificates should be automatically stored in your Truststore as soon as you connect with your endpoint.

Also, I am receiving such a request for the first time so I am quite curious about the implementation that you have done.

Would you give me more details on the certificates you have acquired, the version of certificate and the screenshot of the error so that I can understand this better and assist you accordingly.

Also, can you please elaborate the kind of integration you are doing to connect with the API server.

Comment

People who like this

0 Show 2 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

avatar image
francesco.pizzolato · May 28, 2019 at 11:17 AM 0
Share

Hi,

we don't add automatically the certificates to the truststore. Because we use a prductive environment and in a productive environment we would not be able to understand of there is a person in between. It is for security reasons.

we download those certificates. can you please check if these are the right ones?

certificates.txt

certificates.txt (30.5 KiB)
avatar image
REFINITIV
Irfan.Khan ♦♦ francesco.pizzolato · May 29, 2019 at 06:32 AM 0
Share

@francesco.pizzolato

Please allow me some time so that I can get back with updates on this.

Watch this question

Add to watch list
Add to your watch list to receive emailed updates for this question. Too many emails? Change your settings >
12 People are following this question.

Related Questions

Does REST Template internally validates the certificate's expiry?

Is a certificate required when integrating World Check One with Oracle ORDS?

"cases/{ {case-system-id}}/screeningRequest" is not updating case results when called again after case update request

Could not get any response. API. Postman

HSBC - The certificate issued by CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US is not trusted;

  • Copyright
  • Cookie Policy
  • Privacy Statement
  • Terms of Use
  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Spaces
  • Alpha
  • App Studio
  • Block Chain
  • Bot Platform
  • Connected Risk APIs
  • DSS
  • Data Fusion
  • Data Model Discovery
  • Datastream
  • Eikon COM
  • Eikon Data APIs
  • Electronic Trading
    • Generic FIX
    • Local Bank Node API
    • Trading API
  • Elektron
    • EMA
    • ETA
    • WebSocket API
  • Intelligent Tagging
  • Legal One
  • Messenger Bot
  • Messenger Side by Side
  • ONESOURCE
    • Indirect Tax
  • Open Calais
  • Open PermID
    • Entity Search
  • Org ID
  • PAM
    • PAM - Logging
  • ProView
  • ProView Internal
  • Product Insight
  • Project Tracking
  • RDMS
  • Refinitiv Data Platform
    • Refinitiv Data Platform Libraries
  • Rose's Space
  • Screening
    • Qual-ID API
    • Screening Deployed
    • Screening Online
    • World-Check One
    • World-Check One Zero Footprint
  • Side by Side Integration API
  • TR Knowledge Graph
  • TREP APIs
    • CAT
    • DACS Station
    • Open DACS
    • RFA
    • UPA
  • TREP Infrastructure
  • TRKD
  • TRTH
  • Thomson One Smart
  • Transactions
    • REDI API
  • Velocity Analytics
  • Wealth Management Web Services
  • Workspace SDK
    • Element Framework
    • Grid
  • World-Check Data File
  • 中文论坛
  • Explore
  • Tags
  • Questions
  • Badges