Error 363507 When Using the HTTP Client API in LabVIEW

Updated Dec 18, 2023

Reported In

Software

  • LabVIEW

Operating System

  • LabVIEW Real-Time (NI Linux Real-Time)

Issue Details

  • I am trying to perform a simple HTTP Get request to my company's internal webpage but I have encountered the following error. How should I resolve this error?
  • I am trying to perform a simple HTTP Get request to the Kaaiot Cloud Server with SSL/TLS enabled but I have encountered the following error. It works fine with other servers such as Google Maps and Bing Maps.
Error Code: 363507
Error Source:
LabVIEWHTTPClient.lvlib:GET.vi:390001<APPEND>

<b>Complete call chain:</b>
  LabVIEWHTTPClient.lvlib:GET.vi:390001
  GetToDLTM_START_v1.vi

Solution

This is error is caused when LabVIEW can not verify the authenticity of the server.
  • If you are using the Open Configuration (HTTP) VI to initialize an HTTP connection for SystemLink data services, try wiring the ca certificate file terminal to a custom or private CA certificate located on the system. The CA certificate authenticates a secure sockets layer to communicate data between your application and the server. If you leave this input unwired, the VI uses the system defaults, which include public CA certificates.
  • If the server you are attempting to connect to is not successfully being authenticated, try adding your Certificate Authority (CA) certified certificate hash to a personal certificate or LabVIEW's default list of trusted certificates. 
  • There is a known issue (Bug 1811720) when running the code above (verify server (true) input = TRUE) on Linux Real-Time targets with Linux RT image version 21.5 or older. The issue happens when the server uses an SSL certificate from Let's Encrypt  (i.e Kaaiot Cloud Server). One of Let's Encrypt's older root certificates ("DST Root CA X3") expired in September 2021 and transitioned to a new one ("ISRG Root X1"). The way this was done requires OpenSSL 1.0.x and Linux RT image 21.5 and older does not satisfy this requirement. To solve this issue you can consider one of the following options:
    • Update the ca-certificates.conf file.
      • Remove "mozilla/DST_Root_CA_X3.crt" from /etc/ca-certificates.conf. You can use WebDAV or open an SSH session   to access and edit this file.
      • Open an SSH session with the RT target and run the update-ca-certificates command.
    • Update your Linux RT image to 21.8. The steps to complete this process can be found here.
  • Not recommended for security reasons: If Secure Socket Layer (SSL) Certificate is not required in your application, the error can be resolved by disabling the default enabled SSL authentication using the ConfigSSL.VI as illustrated by the image below. If FALSE, this VI does not verify the server's identity and does not provide optimal security. Specifying FALSE allows the client to accept self-signed certificates signed by the certificate creator rather than a trusted CA.
  • Screenshot_1.png

Additional Information

You can check what certificates are used by your server using an online SSL checker.

Related Links

Other Support Options

Ask the NI Community

Collaborate with other users in our discussion forums



Request Support from an Engineer

A valid service agreement may be required, and support options vary by country.