[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Just got a "(GSKit) Access to the key database is not allowed." exception.
On 1/17/2012 1:01 PM, James Lampert wrote:
> Would anybody know what would cause a "(GSKit) Access to the key
> database is not allowed." exception to be thrown?
In my experience, it means that the user running the program doesn't
have access to the key database.
>
> At this point, I don't know where it happened in my code, except that
> the DSPLY statement the job is currently stopped at is in code that was
> cribbed from Example 9.
>
It looks like one of the messages from HTTPAPI. The operating system
actually returns the string "Access to the key database is not
allowed.", and HTTPAPI prepends the (GSKit) so we have a little more
context.
In order for a TLS/SSL session to established, cryptography needs to be
done. In order to do that cryptography, HTTPAPI calls a set of routines
in the operating system known as the "Global Secure Toolkit" (or, GSKit
for short.)
The OS routines, by default, store crypto keys in the
/QIBM/UserData/ICSS/CERT/SERVER directory of the IFS. The names of the
objects in that directory are DEFAULT.KDB and DEFAULT.RDB.
If the user doesn't have authority to read those files, then they can't
load keys and therefore can't do any SSL.
The README member included with HTTPAPI describes this, and describes
the process of granting authority.
-SK
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------