RE: RE: Help! I have broke HTTPAPI.

["Gerald Magnuson" <gmagnuson@xxxxxxxxxxxxx>]

   As I am in debug mode for program EXAMPLE22,

   At the point :


     If requested, set up a certificate validation
   callback

    if
   defined(V5R3_GSKIT)

                      if        wkGskValUsrDta <>
   *null

   callp     gsk_attribute_set_callback( wkEnvh

                 : GSK_CERT_VALIDATION_CALLBACK

                 : wkGskValUsrDta )


   Initialize the SSL environment.  After this, secure sessions

      can be created!

                     eval      rc = gsk_environment_init(wkEnvh)




   RC = 6003


   What does 6003 mean?????????


   Gerald Magnuson

   Supervisor, System i Adminstration & Development

   IBM Certified Specialist, i5 Administration

   The Knapheide Manufacturing Company

   Quincy, Illinois

   (217) 592-5291


   From: Gerald Magnuson
   Sent: Thursday, February 11, 2010 10:03 AM
   To: 'ftpapi@xxxxxxxxxxxxxxxxxxxxxx'
   Subject: RE: Help! I have broke HTTPAPI.


   Ok,

   First, I apologize, I am going nuts here....


   I finally decided to READ THE INSTURCTIONS!


   In the README in LIBHTTP/QRPGLESRC:

   I have followed the following steps:

   REQUIREMENTS FOR BUILDING WITH SSL
   SUPPORT

   ---------------------------------------------------------------------

     1)  You need to have these programs installed (as of
   V5R2):

           -- Digital Certificate Manager which
   is

               opt 34 of OS/400.
   (5722-SS1)

           -- TCP/IP Connectivity Utilities
   (5722-TC1)

           -- IBM HTTP server for iSeries
   (5722-DG1)

           -- IBM Crypto Access Provider (5722-AC3) (pre
   V5R4)

           -- In order to access the Digital Certificate Manager
   from

                the web server, you'll also need the IBM
   Developer

                Kit for Java
   (5722-JV1).



     2)  This software uses IBM's "Global Secure Toolkit"
   (GSKit)

           for SSL.  This is available only in V4R5 and
   later.



           In V5R1 and later, it is included with the base
   OS/400.

           For V4R5:  You need CUM PTF packages C1100450 to be
   installed

                      In addition to that, I have the following
   PTFs

                      installed: (I don't know which ones are
   absolutely


   necessary)

                      SF64938  SF66346  SF64197
   SF64936

                      MF25723  MF25724  MF25725  MF25728
   MF25306

                      MF25307
   MF25309



           Of course, you'll want to make sure that you read the
   cover

           sheets and install any prerequsites, as per normal
   PTF


   procedures...



     3)  Once you have all of that installed, you'll need to set
   up

           the *SYSTEM certificate store in the Digital
   Certificate

           Manager. If you already have this configured,
   you're

           ready to use HTTPAPI's SSL
   support.



     4)  Start the digital certificate manager by
   typing:

           STRTCPSVR SERVER(*HTTP)
   HTTPSVR(*ADMIN)



    5)  Connect to the ADMIN instance of the HTTP server by
   pointing

           your Web browser
   to:


   http://your-system-name:2001



     6)  Click "Digital Certificate
   Manager"



     7)  Click "Create New Certificate Store" (in the navigation
   frame

           on the
   left)



     8)  Follow the prompts to create a *SYSTEM certificate store



     9)  You do not need to create or assign any certificates
   unless

           required by the business partner that you will be

           communicating with.  Usually this is only required
   when

           security is vital (such as when talking to a
   bank).

           Companies like UPS, for example, don't require you to
   send

           them any
   certificates.





   GRANTING ORDINARY USERS PERMISSION TO RUN SSL
   APPLICATIONS

    ---------------------------------------------------------------------

     1)  In order to give your users proper permissions to run
   apps

           that use HTTPAPI/SSL you should give them access to
   the

           *SYSTEM certificate store.



     2)  Open iSeries Navigator (or, Operations
   Navigator)



     3)  Click your iSeries connection, then "Users and
   Groups"



     4)  To grant access to a group profile, click
   "Groups"

         To grant access to an individual user, click "All
   Users"



     5)  Choose the user profile that you'd like to grant access
   to,

            right click on it, and choose
   "Properties"



     6)  Click the "Capabilities"
   button.



     7)  Select the "Applications"
   tab



     8)  Pull down the "Access for" list box, and select "host

            applications"


     9)  Expand the "Digital Certificate Manager" and check the

            box next to the "*SYSTEM certificate store"







   I signed off, and on again but when I run EXAMPLE22

   I still get:

   gsk_env_init: (GSKit) Access to the key database is not allowed.







   Gerald Magnuson

   Supervisor, System i Adminstration & Development

   IBM Certified Specialist, i5 Administration

   The Knapheide Manufacturing Company

   Quincy, Illinois

   (217) 592-5291

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------