RE: HTTP API GSK Error 6000

["Troy Paulson" <tpaulson@xxxxxxxxxxx>]

Sender: "Troy Paulson" <tpaulson@xxxxxxxxxxx>

Thanks Scott,

I ended up having to delete the Application Definition that the program
created and create it manually, but now I am getting the same results as on
the first server.  Which still produces the errors I've contacted you about
previously.  Hopefully having this on more than 1 server will help me track
down the problem and fix it.

Troy

-----Original Message-----
From: owner-ftpapi@xxxxxxxxxxxxx [mailto:owner-ftpapi@xxxxxxxxxxxxx]On
Behalf Of Scott Klement
Sent: Thursday, February 19, 2004 5:28 PM
To: ftpapi@xxxxxxxxxxxxx
Subject: Re: HTTP API GSK Error 6000


Sender: Scott Klement <sk@xxxxxxxxxxxxxxxx>


GSK_AS400_BASE means that 6000 is the start of the as400-specific error
messages.  Errors lower than 6000 are the same on all platforms that GSKit
was written for.  Errors in the range 6000-6999 (AS400_BASE to
AS400_BASE_END) are AS/400-specific.   7000-7999 (OS390_BASE to
OS390_BASE_END) are OS/390 specific.

So, that's not an error message, per se, but rather just some numbers you
can compare to in your programs to see if the error is system-specific.

GSK_AS400_ERROR_NOT_TRUSTED_ROOT is the actual error message, it means
that there's a certificate being received that your application does not
trust.

SSL Certificates are sent in "chains."  Each certificate is digitally
signed by a certificate authority certificate.  Those certificate
authority certs are possibly signed by yet another certificate authority,
etc. making a chain.

The problem that you're encountering is that you're receiving a
certificate that's signed by someone that your application is not
configured to trust.  In other words, the "root" (signer) of the
certificate is not trusted.

You declare who you do and do not trust in the Digital Certificate
Manager.  If you already have a cert for the signer (which is usually the
case with VeriSign, Thawte, etc certificates) then you merely have to tell
your application to trust it.   If not, you may have to first install the
root certificate, and then tell your application to trust it.

In the digital certificate manager, do this:

1) select your certificate store

2) Click "manage applications"

3) Click "Defined CA trust list"

4) click (most likely) Client.

5) Select the application and click "Define CA Trust List"

6) Find the entity that you want to trust, check the box next to it, and
    click OK.



---
Scott Klement  http://www.scottklement.com

On Thu, 19 Feb 2004, Troy Paulson wrote:
>
> I'm trying to get the HTTP API working on another 400 after getting it to
> work on the first one.  I successfully got the PTF to install the latest
> Verisign Certs.  Now when I try to run the program, I get
GSKit_Error_6000.
> The GSK header file lists this error # twice.
>
> GSK_AS400_BASE
> GSK_AS400_ERROR_NOT_TRUSTED_ROOT
>
> Does anyone know what these mean, or what I should look at to fix this?
>
> Troy Paulson
> Client/Server Programmer
> NSC, Inc.
>
> -----------------------------------------------------------------------
> This is the FTPAPI mailing list.  To unsubsribe from the list send mail
> to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
> -----------------------------------------------------------------------
>
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------