[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: HTTPAPI Keyfile path



Sender: Scott Klement <klemscot@xxxxxxxxxxxx>


On Thu, 18 Mar 2004 tpaulson@xxxxxxxxxxx wrote:
>
> In HTTPAPI, is the Keyfile path specified in the source anywhere that is
> can be checked or changed?  Or is it retrieved from the system?  Or does
> the handshake API retrieve this itself without being specified by the
> program.

HTTPAPI does not specify a keyring file.  All it does is tell the system
it's application ID.  You then are able to go into the digital certificate
manager and configure the resources for that application id.

> I have been recieving a GSK_KEYRING_OPEN_ERROR # 202.  The description
> on IBM's website says:
> Unable to open the key file. Either the path was specified incorrectly
> or the file permissions did not allow the file to be opened.

That's irritating.  I wish they'd tell you the ACTUAL error instead of
just "opening failed.  Try this..."

Just think of the time we'd save if IBM said "Couldn't open a file because
<reason> the file is <path>"


> I have been working with IBM as to why this is occuring on a 170 with
> V5R1M0, but the same program/source works on an 810 V5R2M0 and a 270
> V5R1M0.  The certificate manager is setup the same on all three.  Any
> ideas?

I could be wrong, but I think "Keyring file" is an older term that's been
replaced by the term "certificate store."  I don't really know how all of
that works because you don't have to -- IBM does it all for you.

When you go into the digital certificate manager and click "Select a
Certificate Store" it lets you choose from a list.  Do you know which one
of the items in that list has the "Manage Applications" for your
particular application id?

By default, applications are assigned to the *SYSTEM certificate store.
When I choose "*SYSTEM" in the DCM, it asks for a password.  Just above
the field where I enter the password, it prints the filename of the
certificate store:

/QIBM/USERDATA/ICSS/CERT/SERVER/DEFAULT.KDB

Presumably, "KDB" is "key database."  Does the user have read access to
all of the files in the /QIBM/USERDATA/ICSS tree?
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------