[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: RE: Help! I have broke HTTPAPI.
As I am in debug mode for program EXAMPLE22,
At the point :
If requested, set up a certificate validation
callback
if
defined(V5R3_GSKIT)
if wkGskValUsrDta <>
*null
callp gsk_attribute_set_callback( wkEnvh
: GSK_CERT_VALIDATION_CALLBACK
: wkGskValUsrDta )
Initialize the SSL environment. After this, secure sessions
can be created!
eval rc = gsk_environment_init(wkEnvh)
RC = 6003
What does 6003 mean?????????
Gerald Magnuson
Supervisor, System i Adminstration & Development
IBM Certified Specialist, i5 Administration
The Knapheide Manufacturing Company
Quincy, Illinois
(217) 592-5291
From: Gerald Magnuson
Sent: Thursday, February 11, 2010 10:03 AM
To: 'ftpapi@xxxxxxxxxxxxxxxxxxxxxx'
Subject: RE: Help! I have broke HTTPAPI.
Ok,
First, I apologize, I am going nuts here....
I finally decided to READ THE INSTURCTIONS!
In the README in LIBHTTP/QRPGLESRC:
I have followed the following steps:
REQUIREMENTS FOR BUILDING WITH SSL
SUPPORT
---------------------------------------------------------------------
1) You need to have these programs installed (as of
V5R2):
-- Digital Certificate Manager which
is
opt 34 of OS/400.
(5722-SS1)
-- TCP/IP Connectivity Utilities
(5722-TC1)
-- IBM HTTP server for iSeries
(5722-DG1)
-- IBM Crypto Access Provider (5722-AC3) (pre
V5R4)
-- In order to access the Digital Certificate Manager
from
the web server, you'll also need the IBM
Developer
Kit for Java
(5722-JV1).
2) This software uses IBM's "Global Secure Toolkit"
(GSKit)
for SSL. This is available only in V4R5 and
later.
In V5R1 and later, it is included with the base
OS/400.
For V4R5: You need CUM PTF packages C1100450 to be
installed
In addition to that, I have the following
PTFs
installed: (I don't know which ones are
absolutely
necessary)
SF64938 SF66346 SF64197
SF64936
MF25723 MF25724 MF25725 MF25728
MF25306
MF25307
MF25309
Of course, you'll want to make sure that you read the
cover
sheets and install any prerequsites, as per normal
PTF
procedures...
3) Once you have all of that installed, you'll need to set
up
the *SYSTEM certificate store in the Digital
Certificate
Manager. If you already have this configured,
you're
ready to use HTTPAPI's SSL
support.
4) Start the digital certificate manager by
typing:
STRTCPSVR SERVER(*HTTP)
HTTPSVR(*ADMIN)
5) Connect to the ADMIN instance of the HTTP server by
pointing
your Web browser
to:
http://your-system-name:2001
6) Click "Digital Certificate
Manager"
7) Click "Create New Certificate Store" (in the navigation
frame
on the
left)
8) Follow the prompts to create a *SYSTEM certificate store
9) You do not need to create or assign any certificates
unless
required by the business partner that you will be
communicating with. Usually this is only required
when
security is vital (such as when talking to a
bank).
Companies like UPS, for example, don't require you to
send
them any
certificates.
GRANTING ORDINARY USERS PERMISSION TO RUN SSL
APPLICATIONS
---------------------------------------------------------------------
1) In order to give your users proper permissions to run
apps
that use HTTPAPI/SSL you should give them access to
the
*SYSTEM certificate store.
2) Open iSeries Navigator (or, Operations
Navigator)
3) Click your iSeries connection, then "Users and
Groups"
4) To grant access to a group profile, click
"Groups"
To grant access to an individual user, click "All
Users"
5) Choose the user profile that you'd like to grant access
to,
right click on it, and choose
"Properties"
6) Click the "Capabilities"
button.
7) Select the "Applications"
tab
8) Pull down the "Access for" list box, and select "host
applications"
9) Expand the "Digital Certificate Manager" and check the
box next to the "*SYSTEM certificate store"
I signed off, and on again but when I run EXAMPLE22
I still get:
gsk_env_init: (GSKit) Access to the key database is not allowed.
Gerald Magnuson
Supervisor, System i Adminstration & Development
IBM Certified Specialist, i5 Administration
The Knapheide Manufacturing Company
Quincy, Illinois
(217) 592-5291
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------