I was trying to integrate other services e.g. DHIS2 with CHT and for that I was thinking about using openHIM. I defined an outbound (after setting mark_for_outbound true) with the url & auth but from the logs of the mediator & platform, it seems like it is performing a GET request. Is there a way to change this to a POST?
@magp18 - Seconding what @diana mentioned, I found it to be a POST while I was exploring what an OpenHIM integration might look like in our CHIS-Interoperability repo.
Speaking of which, while this code is very nascent (and entirely lacking ;s !?), it may be helpful, along with our recently updated documentation, about how to approach an OpenHIM integration.
This is from medic-sentinel (CHT is running on docker). I was assuming it was a GET because of the OpenHIM platform (but seems something went wrong before?)
I don’t think CHT would make any request if payload mapping failed. Can you please have a look at your outbound configuration and make sure that it follows the documentation? The error would suggest that the mapping property is not set. .outbound | Community Health Toolkit
The CHT doesn’t do certificate validation. Can you try making a request to your integration server from the server that hosts CHT API and check if the request goes through?
Thanks for the reply @diana and sorry for the late reply. But yes I think you are right, using 5001 works for me (I have a different error - ESOCKETTIMEOUT) but I think that’s related to my openHIM mapping (there might be an error). I am trying to get it right and will let you know. Thanks anyhow
Sorry for reviving this post, but it seems like there is something related to the certificate, unless I am missing something.
I was using 5001 (http) and that was working but changing it back to 5000 (to use https) it still throws me that error “Certificate has expired”.
Doing the same thing with postman or curling from my CHT server works, however doing it from medic-os docker container fails with
server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
Upgrading curl in the container, makes that I am able to curl from inside of the container, so seems to me that there is no firewall or certificate issue but I could be wrong. However it still fails when pushing with the error “certificate expired”.
Seems like this could be related to the Ubuntu image used, might be too old (unsure if this is the issue though, but it’s the only thing we can think of right now)
@magp18 - Can you confirm where the “Certificate has expired” error is happening? As I understand it you’re trying to configure CHT with an Outbound push to OpenHIM. So is the CHT reporting that OpenHIE has an invalid certificate? Can you post logs where you see this error so we can get more context? As well, can you confirm the version of CHT you’re on?
Otherwise, to set up a valid certificate on CHT 3.x, you can see the docs here.
Finally if you want to test with fully valid TLS certificates, it can be helpful to use the freely available wildcard ones at Local IP. We even have an automated script to install these for you if you’d like.
The Local IP certificates are for testing and development only - they are insecure by design!
That is happening inside the medic-os container. As soon as I updated curl I was not having it anymore (curling inside of the container) but I am still getting it after the push is triggered by submitting a form and checking the sentinel logs.
From the sentinel logs I have this:
I am not sure what other logs I can show you, they seem to not be related but if you know anything that would help, let me know and I will post it.
I have my certs created with certbot mapped to the right path as mentioned in the first link you sent, are they not fully valid TLS certificates?
Do you think we can take out nodejs & nginx in different containers and not in medic-os ? then we could have the latest version and perhaps could help ?
@magp18 - thank you so much for that screenshot! The Error: certificate has expired is super helpful to see.
I set up a dev instance and set two outbound pushes, one to a known expired cert (https://expired.badssl.com/) and one to known NOT expired cert (https://medic.org). I thought the first would fail and second would succeed. They BOTH failed. This is a potential bug, so I’ve opened a ticket for us to research this.
When I get some more time I’ll see if this persists in CHT 4.
Speaking of CHT 4 - we recommend upgrading! The new CHT Docker Helper is great (I helped write it ;).