[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: RV: Problem when connecting from AS/400 to a Link with https
Gregorio,
It sounds like the Certificate Authority (CA) certificate that you're
using to verify the server's certificate is either missing, expired, or
you don't have them selected as "trusted".
If you are, indeed, connecting to wwwcie.ups.com, they use VeriSign
certificates. These are installed in your iSeries by default, so they're
probably not missing. More likely, they're expired.
My suggestion, first of all, is to make sure you're running the latest
version of HTTPAPI (Version 1.15).
Next, do NOT call https_init() and do NOT specify an APP_ID. You don't
need to do that with UPS, you can use the default settings for your
certificate store, you don't have to create your own application setup in
the Digital Certificate Manager (DCM).
If that doesn't help, then verify that the VeriSign CA certificates are
set up properly in your DCM. To do that, follow these steps:
a) Make sure the HTTP admin server is running on your system:
STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)
b) Connect to it with a browser:
http://as400.example.com:2001
c) Click "Digital Certificate Manager"
d) Click "Select a Certificate Store" and use *SYSTEM. You'll need the
correct password to access it.
e) On the left, click "Manage Certificates"
f) Then "Validate Certificates"
g) Then "Certificate Authority (CA)" certificates
h) You should have an entry for "VeriSign Class 1". Select it and click
"Validate"
i) Repeat the last step for "VeriSign Class 2" and "VeriSign Class 3".
Make sure that they're all valid.
j) If one of them is invalid, there should be PTFs available from IBM to
update them.
---
Scott Klement http://www.scottklement.com
On Wed, 12 Apr 2006, Gregorio Alarcón B. wrote:
Hi Scott, I have the following problem, we cannot be connected to a safe
site HTTPS, but we do not have problems with a site HTTP.
In program EXAMPLE4 library libhttp (AS/400 Scott Klement), in the head
I define the certificate that already this created in the digital
certificate administrator.
D APP_ID C CONST('EUROAMERICA_HTTPAPI_EXAMPLES')
In the following rutine it is part of the example which we are using to
connect us to a safe site HTTPS, this same rutine works to us well with
HTTP.
C** The only diff between using HTTPS and using HTTP is
C** the URL that we pass. It starts with 'https://'
c eval rc=http_url_post(
c 'https://wwwcie.ups.com/ups.app'+
c '/xml/Track':
c %addr(data): %len(%trimr(data)):
c '/home/httptest.html')
c if rc <> 1
c eval msg = http_error
c dsply msg
c return
c endif
The error message is the following one:
(GSKit) the certificate is not indicated by a verified Authority certifier.
in log of the AS/400 it gives the following message:
Any certificate available for the process of SSL, error does not exist =
403.
What I this needing so that this works?
Regards,
Gregorio