[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re: https problems

To: ftpapi@xxxxxxxxxxxxx
Subject: Re: Re: https problems
From: michael@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Date: Wed, 13 Jul 2005 09:48:09 +0200 (CEST)
Reply-to: ftpapi@xxxxxxxxxxxxx
Sender: owner-ftpapi@xxxxxxxxxxxxx

Hi Scott

I am a mere developer so I am in the process of persuading my boss to grant my *SECADM to our development box whilst I play with the certificate store.

May I make a suggestion? The HTTPAPI does not include TRACE procedures. I have created my own with a mangled version of your GET procedures, which was a good learning experience.

thanks

Michael Sutton

> Message date : Jul 12 2005, 05:40 PM
> From : "Scott Klement"
> To : "ftpapi"
> Copy to :
> Subject : Re: https problems
> Sender: Scott Klement
>
>
> > gsk_secure_soc_init returns error: [GSK_KEYRING_OPEN_ERROR] Certificate
> > store file could not be opened.
>
> Have you created the certificate store? Which certificate store are you
> trying to use? If you don't have one specified in the DCM for your
> application, it'll use *SYSTEM by default.
>
> > according to iSeries Information Centre: Authorities Authorization of *R
> > (allow access to the object) to the certificate store file and its
> > associated files is required. Authorization of *X (allow use of the
> > object) to each directory of the path name of the certificate store file
> > and its associated files is required.
>
> That makes sense. Have you granted those authorities?
>
> > Registering goes OK, whether using a named app or not. According to
> > operations navigator, Users and Groups, as a member of group DEVELOPER
> > my usrprf has all object system privilege to the DCM certificate store.
>
> I've never used ops nav for this, but that sounds promising.
>
>
> > What authority do I need to the DCM?
>
> Anyone should be able to access the DCM, but according to the following
> page, you need *ALLOBJ and *SECADM to have all of the DCM options:
> http://publib.boulder.ibm.com/infocenter/iseries/v5r3/ic2924/info/rzahu/rzahurzahu401usingdcm.htm
>
> > Is it IOSYSCNFIG?
>
> I believe *IOSYSCFG is for setting up hardware. I don't think it has
> anything to do with the Digital Certificate Manager.
>
>
> > Where is the certificate store?
>
> Depends on the certificate store. When you create your own, you can put it
> anywhere you want. When you use the default one (aka *SYSTEM) it's put in
> the following directory:
>
> /QIBM/USERDATA/ICSS/CERT/SERVER/
>
> On that directory are two files. One is called "DEFAULT.KDB" and the other
> is called "DEFAULT.RDB"
>
> -----------------------------------------------------------------------
> This is the FTPAPI mailing list. To unsubsribe from the list send mail
> to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
> -----------------------------------------------------------------------
>
>

Whatever you Wanadoo

This email has been checked for most known viruses - find out more here

Prev by Date: Re: HTTPAPI 1.11 pre-release - no data received with POST
Next by Date: Re: Re: https problems
Previous by thread: Re: https problems
Next by thread: Re: Re: https problems
Index(es):
- Date
- Thread