[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Question on HTTPAPI and GSKIt API's



Yes, we have used it to talk to a government web service that protects access by requiring clients to authenticate via a digital certificate issued by them as the issuing authority.
They provide a web site where clients can register and create a digital certificate that establishes an identity that is retained within the government certificate store.
To use their web service, the client must download their unique digital cert and use it to authenticate when attempting to access the web service.

The downloaded certificate should be imported into the i5 certificate store via the import facility of the DCM provided by the *ADMIN server where it should also be assigned to an application ID of your choice.
The application ID is simply used as a parameter when establishing a connection via an SSL socket API.

Once the cert has been installed via the DCM, Scott has provided a means of using it by adding procedure call that simply accepts the application ID as a parameter that will subsequently be passed to the GSK API on a connection attempt. Providing that you have elected to compile Scott's HTTPAPI with the option to support digital certs, then that's about all there is to it.

Of course, all authorities that supply digital certs, issue them with an expiry date, so a certain amount of vigilance is required to ensure that you download and install a new (or renewed) certificate prior to the expiry date to avoid the operational errors that might arise when authentication begins failing because your client certificate has expired.

Peter


-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Lowary, Jim
Sent: Thursday, 24 December 2009 3:47 a.m.
To: ftpapi@xxxxxxxxxxxxxxxxxxxxxx
Subject: Question on HTTPAPI and GSKIt API's

I'm taking over an iSeries project that got shelved a couple of years ago to transmit and receive some file using SSL using a digital cert.
Time ran out so a Delphi program was used to send/receive the files from/to the IFS,  now it has been decided to get this back on the iSeries.

I have a program that was a work in progress from back then,  that was attempting to use the GSKit api's.  I have used the HTTPAPI to send and receive xml files via https, but did not have to use a digital cert, on this project it is required to use a digital cert  from the vendor.  

My question after all this explanation, is can the HTTPAPI do digital cert's or should I keep on down the road using the GSKit api's?

Maybe it's just my brain that is refusing to work this close to the holidays!  ;-)

Thanks,
-- Jim Lowary
Mo Farm Bureau
Visit our website www.vedaadvantage.com. It has a new design with improved navigation and search capabilities; and customer friendly interface with more relevant insights and solutions to help you make informed decisions.

#####################################################################################

This correspondence is for the named person's use only. It may contain confidential 
or legally privileged information, or both. No confidentiality or privilege is waived
or lost by any mistransmission. If you receive this correspondence in error, please
immediately delete it from your system and notify the sender. You must not disclose, 
copy or rely on any part of this correspondence if you are not the intended recipient. 
Any views expressed in this message are those of the individual sender, except where
the sender expressly, and with authority, states them to be the views of Veda Advantage.
If you need assistance, please contact Veda Advantage on either :-
Australia 1300-921-621 or New Zealand +64 9 367 6200
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------