I corrected (there is no "d" after "v5") and nothing changed.
Attached is a new image showing the result.
But, in both cases, the certificate was found by the application. The problem is that a window asking me my password/pin should appear and it didn't happen. So it will never authenticate successfully.

I put commas before the "~r~n" strings and it finally found the certificate.

(Instead of 

"CN = AC SOLUTI Multipla v5~r~n OU = AC SOLUTI v5d~r~n O = ICP-Brasil~r~n C = BR"

I used

CN = AC SOLUTI Multipla v5,~r~n OU = AC SOLUTI v5d,~r~n O = ICP-Brasil,~r~n C = BR

)

But connection still returns "-16", as shown in the picture I attached to this message.

And it could not be any different because the form that requests my password (witch is native to the company that issued the certificate) did not appear.

Hello, Logan.
Nothing has changed.

See the image attached to this message, please.

Any other suggestion?

Thanks.

Ok.  Now I have upgraded to Powerbuilder 2022.

I have used of one of the examples listed in the page https://docs.appeon.com/pb2022/powerscript_reference/SetClientCert_func.html 

(See below, at the end of this message, please.)

The variable ls_certSN received the serial number of my certificate and ls_certIssue received the entity that signed the certificate, as shown in the image attached to this message.

(In fact, what I expected was that the application called a pop up window listing the available certificates so that I could choose one, instead of hard-coding it in the script, but, since I could not figure out how to do it, I followed  dutifully the instructions to achieve my first success, but it didn't work.)

I tried all the options presented for "store name"

• "MY" -- The certificate store for personal certificates.

• "Root" -- The certificate store for trusted root certificate authorities (CAs).

• "Trust" -- The certificate store for directly trusted people, resources, and publishers.

• "CA" -- The certificate store for intermediate certificate authorities (CAs).

None of them worked. The error was always "-2 -- Failed to import certificate or the specified certificate is not found."

httpClient l_httpclient

String    ls_urlName            &
,        ls_ResPonse            &
,        ls_certSN            &        
,        ls_certIssue
integer    ln_rtn

l_httpclient = Create httpClient

 
ls_urlName = "https://webservices.consulta.esocial.gov.br/servicos/empregador/consultarloteeventos/WsConsultarLoteEventos.svc"

ln_rtn = l_httpclient.SendRequest("GET", ls_urlName)
ls_certSN = "7e0e209878604451"
ls_certIssue = 'CN = AC SOLUTI Multipla v5~r~n OU = AC SOLUTI v5d~r~n O = ICP-Brasil~r~n C = BR'
If ln_rtn = -16 Then
  l_httpclient.anonymousAccess = false
  ln_rtn = l_httpclient.SetClientCert("Trust", ls_certSN, ls_certIssue);
  ln_rtn = l_httpclient.SendRequest("GET", ls_urlName)
End If

Hi, Logan.

No I have not upgraded to 2022 version yet. I will probably be able to do this in the following days.
I don't know exactly how to set the variabes storeName, certIssue and certSN . By the examples, they those variables seem to be very specific the the user/client computer, witch is very unusual. But I guess I am misunderstanding something.

I will upgrade my PB installation and make some tests. When I finish, I will publish here the results.

You helped a lot.
Thanks.

Hello, Logan!

If the server requires the client to provide a certificate (ln_rtn = -16, in your example), do you mean that I shoud build a screen asking the user to write the address of the certificate and his password? An then, once with these informations, I would call the method below?

l_httpclient.SetClientCert("e:\\testclient.pfx", "123456");

Is it what you meant?

It could be a solution. But, in fact, I thought the midia of the certificate itself (usb token, for example) would offer me the interfaces/screens so that the user could select his certificate and fill his password safely, the way it happens when we use a web (ou even client/server) software (please, see the images I attached to this message, showing the windows that appers when I log in a server that requires a client certificate).

The object httpClient should't call these standard forms/screeens/windows where the user chooses his certificate and fills his password avoiding, this way, the need for the software (that is accessing the webservice, in our case, built with PB) to "know" the client's password?

Sorry if I am being dumb on some(many)thing(s). I promisse it's not on purpose!

Thanks again.

Hey, Logan.
Thanks for your help!

I had already realized that 2022 version of Powerbuilder could solve the problem. But, looking at the examples, and the parameters of SetClientCert function I culdn't figure out how to tell the application to ask the user the certificate he/she wuold like to use, just like when happens when we use any software that requires client cetificate. It seemed to me that the certificate to be used - as well as the password to access the cryptographic media - would be chosen by the user when makind the http request.

If you (or anyone) have any clue on how to set the parameters so that the user, during runtime, will be able to specify witch certificate will be used, please, let me know.

Thanks again.

Hi Demetrius,

Please try the HttpClient.SetClientCert method new provided by PowerBuilder 2022, but you need to upgrade PowerBuilder since you are running Powerbuilder 2021.

https://docs.appeon.com/pb/whats_new/Supports_two-way_SSL_authentication.html

https://docs.appeon.com/pb2022/powerscript_reference/SetClientCert_func.html

Regards, Logan