[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Just got a "(GSKit) Access to the key database is not allowed." exception.
Scott Klement wrote:
> The OS routines, by default, store crypto keys in the
> /QIBM/UserData/ICSS/CERT/SERVER directory of the IFS. The names of the
> objects in that directory are DEFAULT.KDB and DEFAULT.RDB.
>
> If the user doesn't have authority to read those files, then they can't
> load keys and therefore can't do any SSL.
Uh, regarding the instructions in the readme member, they're specific to
Ops Nav, and when I bring up "System i Navigator," I don't see anything
but "Basic Operations" in the connection. (We're not an Ops Nav shop.)
And while I do see "Users and Groups" in the Admin web page, I don't see
anything for granting users authority to the *SYSTEM certificate store.
What I *did* find was that (1) giving *OWNER authority to your HTTPAPI
*SRVPGM, and/or my WTGOOGLEC *SRVPGM didn't seem to make any difference,
and (2) giving *PUBLIC *RX authority to the above-named directory and
the above-named files (from WRKLNK) *did* seem to do the job.
--
JHHL
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------