Discussions

 View Only
  • 1.  Security error when calling external API via webhook

    Posted 08-03-2018 20:10
    I am attempting to call a 3rd party API via webhook and currently getting the following security-related error  (Quickbase support provided me the logs containing the error)

    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 

    From research this appears to be related to invalid/missing/mismatch certs.  I was able to get the cert from the host system that is exposing the API- so the question now becomes if there is anyway for Quickbase to configure the cert on their side (if that's even relevant)

    Quickbase support pointed me to the 'community' for input.

    Thanks.


  • 2.  RE: Security error when calling external API via webhook

    Posted 08-03-2018 20:18
    Hi Scott. Does the other service have a valid SSL certificate? It is correct than Quick Base cannot officially support another endpoint but I'm happy to try and offer some guidance.


  • 3.  RE: Security error when calling external API via webhook

    Posted 08-03-2018 20:26
    They refer to their cert as a 'wildcard cert'.   I did export the cert and when viewing it does give messages like "Windows does not have enough information to verify this certificate"    The endpoint I am trying to hit is a development system endpoint (not production).      The challenge is that if I take the same parameters and request json into another tool like Postman I am able to successfully make the call without doing anything related to the cert.


  • 4.  RE: Security error when calling external API via webhook

    Posted 08-03-2018 20:50
    A wildcart cert is fine. If it is dev, it is possible they are using a self-signed certificate rather than coming from a trusted authority, which Quick Base will not be able to validate. It works fine from your local PC via Postman because there is no additional security check occurring there. If you run the domain against SSL Labs, what is the result? If you aren't comfortable sharing the domain publicly, let me know and I'll reach out to you via email (I found the case).


  • 5.  RE: Security error when calling external API via webhook

    Posted 08-03-2018 21:06
    Hi. I found the domain in the ticket and confirmed the certificate exists but is invalid for numerous reasons. For the security of everyone on the Quick Base platform, we are only able to connect to valid HTTPS endpoints that are properly secured. This protection helps to keep you and your data safe. I'd suggest reaching out to the service provider to see if they can install a proper certificate on that web server.

    Feel free to let us know of other questions or concerns.


  • 6.  RE: Security error when calling external API via webhook

    Posted 08-04-2018 02:12
    Harrison-  Many thanks for your help.  I will work with the provider to install a valid cert.

    Thanks again.


  • 7.  RE: Security error when calling external API via webhook

    Posted 08-06-2018 12:36
    Great. Glad I could help.