[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: HTTPAPI and SSL

From: Scott Klement <sk@xxxxxxxxxxxxxxxx>
To: HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: HTTPAPI and SSL
Date: Tue, 17 May 2011 12:39:01 -0500

> I can call the web service, the code on the app server executes, I
> get a response from the web service. The problem is that the soap
> envelope I construct isn't making it to the web server.

That's a new one to me.  I've never heard of it successfully 
establishing the connection, but then failing to send the data.  Please 
post a debug log so we can see what's happening.


> I've placed system.outs after every line of code on the java side and
> the input parameters are clearly not making it to the web service.  I
> thought this may have something to do with the face that the test web
> service is using a self signed cert and this cert is not in the CA
> store on the AS400, but I don't think that is the problem since I can
> get the java programs to execute and return a response to the as400.

I agree.  If you can successfully establish a connection and exchange 
part of the data (the part that tells which service to invoke, et al) 
then clearly the SSL portion of the process is working.

> Just for grins I looked at the certificate store and can't find a
> client application for the httpapi (as some internet postings alluded
> to). That really confused me since I would think that I needed to
> trust a certificate before I'd accept it. This says to me that the
> AS400 is accepting the self signed certificate from the app server
> even though I don't it doesn't come from a trusted CA. Anyone care to
> elaborate?

No client application profile is required unless you plan to do 
client-side certificates (which is an unusual requirement in HTTPS)

If you WANT to have a client application profile, then it's possible to 
use one.  You need to call https_init('PROFILE_NAME'); when you load 
your program.  And you have to have a matching client application 
profile set up in the DCM (by "matching", I mean it's application ID 
must be 'PROFILE_NAME')

But, I don't understand why we're worried about this, considering that 
we've already established that SSL isn't the problem.

Please help us focus on the problem at hand by proving a debug log. 
This will clue us in as to what is and isn't working, and help us see 
what the problem might be.

If you don't know how to generate one, the process is described on the 
2nd half of the following page:
http://www.scottklement.com/httpapi/beta/
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------

Follow-Ups:
- Compressed HTTPS
  - From: Ian Patterson
- Re: HTTPAPI and SSL
  - From: OCoronado

References:
- HTTPAPI and SSL
  - From: OCoronado

Prev by Date: HTTPAPI and SSL
Next by Date: Compressed HTTPS
Previous by thread: HTTPAPI and SSL
Next by thread: Compressed HTTPS
Index(es):
- Date
- Thread