Error 363507 When Using HTTP Client GET API in LabVIEW

Updated Jun 1, 2022

Reported In

Software

  • LabVIEW

Operating System

  • LabVIEW Real-Time (NI Linux Real-Time)

Issue Details

  • I am trying to perform a simple HTTP Get request to my company's internal webpage but I have encountered the following error. I do not need the Secure Socket Layer (SSL) Certificate for this communication of mine. How should I resolve this error?
  • I am trying to perform a simple HTTP Get request to the Kaaiot Cloud Server with SSL/TLS enabled but I have encountered the following error. It works fine with other servers such as Google Maps and Bing Maps.
Error Code: 363507
Error Source:
LabVIEWHTTPClient.lvlib:GET.vi:390001<APPEND>

<b>Complete call chain:</b>
  LabVIEWHTTPClient.lvlib:GET.vi:390001
  GetToDLTM_START_v1.vi

Solution

This is error is caused when LabVIEW can not verify the authenticity of the server.
  • If Secure Socket Layer (SSL) Certificate is not required in your application, the error can be resolved by disabling the default enabled SSL authentication using the ConfigSSL.VI as illustrated by the image below. If FALSE, this VI does not verify the server's identity and does not provide optimal security. Specifying FALSE allows the client to accept self-signed certificates signed by the certificate creator rather than a trusted CA. T
Screenshot_1.png
  • There is a known issue (Bug 1811720) when running the code above (verify server (true) input = TRUE) on Linux Real-Time targets with Linux RT image version 21.5 or older. The issue happens when the server uses an SSL certificate from Let's Encrypt  (i.e Kaaiot Cloud Server). One of Let's Encrypt's older root certificates ("DST Root CA X3") expired in September 2021 and transitioned to a new one ("ISRG Root X1"). The way this was done requires OpenSSL 1.0.x and Linux RT image 21.5 and older does not satisfy this requirement. To solve this issue you can consider one of the following options:
    • Update the ca-certificates.conf file.
      • Remove "mozilla/DST_Root_CA_X3.crt" from /etc/ca-certificates.conf. You can use WebDAV or open an SSH session  to access and edit this file.
      • Open an SSH session with the RT target and run the update-ca-certificates command.
    • Update your Linux RT image to 21.8. The steps to complete this process can be found here.

Additional Information

You can check what certificates are used by your server using an online SSL checker.