NetSuite 2016.1 SSL Tightening: Errors with HTTPS Outbound Calls

This article is relevant if you are managing a service that receives https requests from NetSuite server and client systems and you are now seeing issues in your application which were previously stable prior to release 2016.1.

Background

NetSuite has been working to tighten up its security relative to all the discovered weaknesses in SSL security.  There have been a number of NetSuite provided announcements about 2016.1 upgrades expected to be rolled out in Spring 2016.  Most of the announcements related to systems calling into NetSuite via SSL primarily for Web Services.

We have some services we manage where we outbound a call from NetSuite servers to a remote application server via https.   Once 2016.1 went live, we received a new error message from our SuiteScript application.  Our application was throwing an UNEXPECTED_ERROR when calling out to the remote server.  These types of errors are hard to diagnose.  Using our favorite REST based client, Postman, the services appeared to be running fine.

Suspecting it had to do with 2016.1, we reached out to NetSuite support.  They returned relatively quickly with a defect but with some guidance on the issue.

Defect #- 382835 SSS > nlapiRequestURL > throw an UNEXPECTED_ERROR

Configuring your SSL based Servers to Meet Security Standards

Using an SSL client testing service, we discovered that we indeed had a misconfiguration in our server. ¬†While there were a number of areas that demand tightening up on the server, a small project in itself, the real culprit was a mismatch between our Apache web server ServerName and the SSL certificate name. ¬†The testing tool revealed that the later versions of Java client where returning an “SNI unrecognized_name warning”. ¬†While not part of the infrastructure upgrade announcement information provided by NetSuite, this configuration is effectively now being enforced by NetSuite.

We were able to use this article to help us learn how to clean up our Apache web server configuration relative to the SSL client testing tool. ¬† Our SSL certificates are set to expire soon and we are planning to get new ones using the Let’s Encrypt SSL open source project. ¬†This will be an ideal ¬†time to solve the other noted concerns that the client testing tool revealed.

Get Expert NetSuite Help

As a NetSuite Systems Integrator, we often are working with third party systems. ¬†As such, it is important to have the expertise to design applications that work well within NetSuite and to be able to diagnose situations that may manifest within NetSuite but are really about issues outside of NetSuite. ¬†If you are looking for expert help with your specialized NetSuite application, let’s have a conversation.

Be Sociable, Share!

Marty Zigman

Holding all three official certifications, Marty is Southern California's NetSuite expert and leads a team of senior professionals at Prolecto Resources, Inc. He is a former Deloitte & Touche CPA and has held CTO roles. For over 25 years, Marty has produced leadership in ERP, CRM and eCommerce business systems. Contact Marty to setup a conversation.

More Posts - Website - Twitter - Facebook - LinkedIn - Google Plus - YouTube

| Tags: , , , | Category: NetSuite, Technical | Leave a comment

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>