[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: HTTPAPI Keyfile path

To: ftpapi@xxxxxxxxxxxxx
Subject: Re: HTTPAPI Keyfile path
From: tpaulson@xxxxxxxxxxx
Date: Thu, 18 Mar 2004 17:28:27 GMT
Reply-to: ftpapi@xxxxxxxxxxxxx
Sender: owner-ftpapi@xxxxxxxxxxxxx

Sender: tpaulson@xxxxxxxxxxx

All of the permissions are set for the KDB file and directory.  IBM is stumped by this, and the only thing that is left, is to apply the latest CUM tape.  This will be happening this weekend and I'll find out if this fixed the situation next week.

Thanks

On Thu, 18 Mar 2004 10:39:55 -0600 (CST) ftpapi@xxxxxxxxxxxxx wrote:
> Sender: Scott Klement <klemscot@xxxxxxxxxxxx>
> 
> 
> On Thu, 18 Mar 2004 tpaulson@xxxxxxxxxxx wrote:
> >
> > In HTTPAPI, is the Keyfile path specified in the source anywhere that is
> > can be checked or changed?  Or is it retrieved from the system?  Or does
> > the handshake API retrieve this itself without being specified by the
> > program.
> 
> HTTPAPI does not specify a keyring file.  All it does is tell the system
> it's application ID.  You then are able to go into the digital certificate
> manager and configure the resources for that application id.
> 
> > I have been recieving a GSK_KEYRING_OPEN_ERROR # 202.  The description
> > on IBM's website says:
> > Unable to open the key file. Either the path was specified incorrectly
> > or the file permissions did not allow the file to be opened.
> 
> That's irritating.  I wish they'd tell you the ACTUAL error instead of
> just "opening failed.  Try this..."
> 
> Just think of the time we'd save if IBM said "Couldn't open a file because
> <reason> the file is <path>"
> 
> 
> > I have been working with IBM as to why this is occuring on a 170 with
> > V5R1M0, but the same program/source works on an 810 V5R2M0 and a 270
> > V5R1M0.  The certificate manager is setup the same on all three.  Any
> > ideas?
> 
> I could be wrong, but I think "Keyring file" is an older term that's been
> replaced by the term "certificate store."  I don't really know how all of
> that works because you don't have to -- IBM does it all for you.
> 
> When you go into the digital certificate manager and click "Select a
> Certificate Store" it lets you choose from a list.  Do you know which one
> of the items in that list has the "Manage Applications" for your
> particular application id?
> 
> By default, applications are assigned to the *SYSTEM certificate store.
> When I choose "*SYSTEM" in the DCM, it asks for a password.  Just above
> the field where I enter the password, it prints the filename of the
> certificate store:
> 
> /QIBM/USERDATA/ICSS/CERT/SERVER/DEFAULT.KDB
> 
> Presumably, "KDB" is "key database."  Does the user have read access to
> all of the files in the /QIBM/USERDATA/ICSS tree?
> -----------------------------------------------------------------------
> This is the FTPAPI mailing list.  To unsubsribe from the list send mail
> to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
> -----------------------------------------------------------------------



-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------

Prev by Date: Re: HTTPAPI Keyfile path
Next by Date: Can't get TESTPUT to work
Previous by thread: Re: HTTPAPI Keyfile path
Next by thread: Can't get TESTPUT to work
Index(es):
- Date
- Thread