[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Httpapi and SSL

From: Scott Klement <sk@xxxxxxxxxxxxxxxx>
To: HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Httpapi and SSL
Date: Mon, 23 Nov 2009 11:47:31 -0600

Hello Mario,

> thank you for your answer but now I am a bit confused.My problem was that I
> have to use a web services with https. So I read that in one of the example
> in LIBHTTP that I have  to inizialize the https. 

You *can* initialize it, but you don't /have to/.

You can call https_init() and that will associate your program with an 
application ID in the Digital Certificate Manager.  Once you've done 
that, you can tweak all of the SSL settings for your application *if* 
you want to.

However, very few people use that feature.  Most people let HTTPAPI use 
default settings.

Even if you *do* decide to use that feature, you don't have to assign a 
certificate to the application.  You only assign a certificate if you 
want to use client-side authentication.

Unless you have a reason to use these features, I recommend not using 
them.  Just start your URL with 'https:' and HTTPAPI will automatically 
choose the default SSL settings for you.  No extra work to be done. 
(Other than that OS/400 needs to have it's SSL components installed)


> As I don't know much about and in my enviroment there was nothing
> configured I see you tips , start the DCM on a system i at 5.4 and
> follow step by step your tip. Now at point n) you wrote something
> about the association of the certificate that was different with what
> happen in my site.

Do you need to have client-side certificates working?  If not, then 
those steps don't apply to you.

If you do, then please talk to whomever is running the server and make a 
determination about who is to provide the client-side certificates. 
Then download and install them (or create one, if you are providing 
them.)  In either case, once you have a client-side certificate 
installed, it'll show up in the list.

However 99% of people using HTTPS don't use this support.  It's an 
unusual request.  My e-mail was aimed specifically at Ron, who 
specifically asked for help with client-side certificate support.

> only need is to use the https web services on a system i where there is not 
> https configured.So let me know if to use the https web service the steps I 
> followed are enough to succeed in https web services

Then install the SSL components of OS/400.  The licensed programs needed 
for your release will be in the Information Center under Security / SSL 
/ Plan for SSL.

Once you have them installed, go into the Digital Certificate Manager, 
and create a *SYSTEM certificate store.

That should be *all* you need to do (except putting 'https:' in your 
URL) to use SSL from HTTPAPI.
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------

Follow-Ups:
- Re: Httpapi and SSL
  - From: Mario Martoriello

References:
- Httpapi and SSL
  - From: Mario Martoriello
- Re: Httpapi and SSL
  - From: Scott Klement
- Re: Httpapi and SSL
  - From: Mario Martoriello
- Re: Httpapi and SSL
  - From: Scott Klement
- Re: Httpapi and SSL
  - From: Mario Martoriello

Prev by Date: RE: READLINE question
Next by Date: HTTP/1.1 301 Moved Permanently
Previous by thread: Re: Httpapi and SSL
Next by thread: Re: Httpapi and SSL
Index(es):
- Date
- Thread