Hello Eviews support and Eviews experts,
Our network security does deep packet inspection and because of that the WFopen command fails because the certificate using for our security uses a self signed certificate.
wfopen(type=txt) https://sdmx.oecd.org/public/rest/data/ ... at=csvfile custom=","
See attached screen capture for Eviews error.
When bypassing our security appliance, the same wfopen command works.
Could you please provide a way to specify a location for self-signed certificates or have eviews honor the windows certificate stores ?
Merci
Arnaud Atoch
Self Signed certificates
Moderators: EViews Gareth, EViews Moderator
-
- EViews Developer
- Posts: 799
- Joined: Tue Sep 16, 2008 3:00 pm
- Location: Irvine, CA
Re: Self Signed certificates
I'll create a new command to ignore all ssl certificate errors during that instance of EViews. This fix will be put into EViews 13 only.
Steve
Steve
-
- EViews Developer
- Posts: 799
- Joined: Tue Sep 16, 2008 3:00 pm
- Location: Irvine, CA
Re: Self Signed certificates
New undocumented commands have been created:
IgnoreCertError tells EViews to ignore any SSL certificate errors encountered when getting data over the internet. This setting will remain on until EViews is restarted or the RESTORECERTERROR cmd is called.
RestoreCertError turns off the ignore and restores default processing of all SSL certificate errors.
I've also added code to make these SSL cert errors appear with better descriptions when they happen.
These changes will be released in the next EViews 13 patch, most likely early next week.
Steve
Code: Select all
IGNORECERTERROR
RESTORECERTERROR
IgnoreCertError tells EViews to ignore any SSL certificate errors encountered when getting data over the internet. This setting will remain on until EViews is restarted or the RESTORECERTERROR cmd is called.
RestoreCertError turns off the ignore and restores default processing of all SSL certificate errors.
I've also added code to make these SSL cert errors appear with better descriptions when they happen.
These changes will be released in the next EViews 13 patch, most likely early next week.
Steve
Re: Self Signed certificates
Thank you for your quick reaction. We'll test as soon as we can get our hands on the updated version of Eviews 13.
Can I ask why you choose to ignore SSL errors rather than adding a command to had a path to additional certificates which seems a more secure approach ?
Can I ask why you choose to ignore SSL errors rather than adding a command to had a path to additional certificates which seems a more secure approach ?
-
- EViews Developer
- Posts: 799
- Joined: Tue Sep 16, 2008 3:00 pm
- Location: Irvine, CA
Re: Self Signed certificates
Simplicity.
And in fact, even if you have a self-signed certificate authorized in your local Windows store, it's Common Name will most likely not match the host name in your URL due to how your security appliance works (I'm guessing) -- so allowing the self-signed cert to be accepted still requires EViews to lower security. As a quick test, after the next patch, try your WFOPEN command again without calling the new Ignore cmd to see what error message you get.
As a precautionary measure, this new setting will not be the default. You'll have to call it whenever you restart EViews.
And in fact, even if you have a self-signed certificate authorized in your local Windows store, it's Common Name will most likely not match the host name in your URL due to how your security appliance works (I'm guessing) -- so allowing the self-signed cert to be accepted still requires EViews to lower security. As a quick test, after the next patch, try your WFOPEN command again without calling the new Ignore cmd to see what error message you get.
As a precautionary measure, this new setting will not be the default. You'll have to call it whenever you restart EViews.
Who is online
Users browsing this forum: No registered users and 6 guests