[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: https problems

To: ftpapi <ftpapi@xxxxxxxxxxxxx>
Subject: Re: https problems
From: Scott Klement <sk@xxxxxxxxxxxxxxxx>
Date: Tue, 12 Jul 2005 11:19:45 -0500 (CDT)
In-reply-to: <10596748.1121182129901.JavaMail.www@wwinf3102>
References: <10596748.1121182129901.JavaMail.www@wwinf3102>
Reply-to: ftpapi@xxxxxxxxxxxxx
Sender: owner-ftpapi@xxxxxxxxxxxxx

Sender: Scott Klement <sk@xxxxxxxxxxxxxxxx>

gsk_secure_soc_init returns error: [GSK_KEYRING_OPEN_ERROR] Certificate store file could not be opened.

Have you created the certificate store? Which certificate store are you trying to use? If you don't have one specified in the DCM for your application, it'll use *SYSTEM by default.

according to iSeries Information Centre: Authorities Authorization of *R (allow access to the object) to the certificate store file and its associated files is required. Authorization of *X (allow use of the object) to each directory of the path name of the certificate store file and its associated files is required.

That makes sense. Have you granted those authorities?

Registering goes OK, whether using a named app or not. According to operations navigator, Users and Groups, as a member of group DEVELOPER my usrprf has all object system privilege to the DCM certificate store.

I've never used ops nav for this, but that sounds promising.

What authority do I need to the DCM?

Anyone should be able to access the DCM, but according to the following page, you need *ALLOBJ and *SECADM to have all of the DCM options: http://publib.boulder.ibm.com/infocenter/iseries/v5r3/ic2924/info/rzahu/rzahurzahu401usingdcm.htm

Is it IOSYSCNFIG?

I believe *IOSYSCFG is for setting up hardware. I don't think it has anything to do with the Digital Certificate Manager.

Where is the certificate store?

Depends on the certificate store. When you create your own, you can put it anywhere you want. When you use the default one (aka *SYSTEM) it's put in the following directory:

/QIBM/USERDATA/ICSS/CERT/SERVER/

On that directory are two files. One is called "DEFAULT.KDB" and the other is called "DEFAULT.RDB"

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------

References:
- https problems
  - From: michael

Prev by Date: Re: HTTPAPI 1.11 pre-release - no data received with POST
Next by Date: Re: HTTPAPI 1.11 pre-release - truncating data on a POST
Previous by thread: https problems
Next by thread: Re: Re: https problems
Index(es):
- Date
- Thread