[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 2way SSL authenitcation
Hi Rick,
To do this, you need to associate your HTTPAPI session with an
application key in the Digital Certificate Manager (DCM). That's done
by:
1) Go into the *ADMIN instance of your HTTP server on the system(s)
where you plan to run HTTPAPI.
2) On V5R4 and below, click "Digital Certificate Manager"
On IBM i 6.1 and higher, click IBM i Tasks, THEN Digital
Certificate Manager
3) Click "Select a Certificate Store", then choose *SYSTEM, and click
Continue
4) You will need the password for the *SYSTEM certificate store.
Please enter it, etc.
5) Click on "manage applications" on the left.
6) Select "Add application", and follow the instructions on the screen.
In the add application dialog, you will be asked to pick an application
identifier. I suggest something named after your company to prevent
naming conflicts with any other applications that create IDs for SSL.
So something like (assuming your company name is 'ACME')
ACME_HTTPAPI_TIVOLICLIENT
Also, on these screens you'll have the option to assign a certificate
to your application. This is how HTTPAPI knows which certificate to
send to the server (for two-way authentication). You can also assign a
CA trust list that's used to validate the server's SSL certificate if
you like.
7) In your HTTPAPI application, you need to tell HTTPAPI to use the
application ID that you assigned in the digital certificate manager.
This associates your HTTPAPI session with all of the settings you just
set up. You do this by calling the https_init() routine and passing
the AppId as a parameter. (This should be done before any SSL work is
done.)
https_init('ACME_HTTPAPI_TIVOLICLIENT');
Good luck!
On 9/11/2012 11:37 AM, Rick Bovet wrote:
Hello all
I am working on a PCI project. One of the requirements is 2way SSL
authentication. See link describing this process.
[1][1]http://publib.boulder.ibm.com/infocenter/tivihelp/v5r1/index.jsp?top
ic=%2Fcom.ibm.itim.infocenter.doc%2Fcpt%2Fcpt_ic_security_ssl_authent2w
ay.html
We do have some experience with HTTPAPI. Can anybody tell me if this
can be accomplished using HTTPAPI?
Any help is appreciated
Met vriendelijke groet / Kind regards,
Rick Bovet
Development Manager
P please observe the new direct dial below
[2]cid:image001.png@01CB5418.F5751370
ECi Software Solutions
Siriusdreef 66, 2132 WT Hoofddorp
Postbus 3005, 2130 KA Hoofddorp
Netherlands
Tel. +31 (0)23-555 49 49
Fax +31 (0)23-562 58 48
Direct dial: +31 (0)23-564 98 55
[[3]2]rbovet@xxxxxxxxxxxxxxxx
[3]www.eci.eu & [4]www.easyorder.eu
ECi Software Solutions is a division of eCommerce Industries, Inc
[5]www.ecisolutions.com
P please consider the environment before printing this e-mail
References
1. [4]http://publib.boulder.ibm.com/infocenter/tivihelp/v5r1/index.jsp?topic=
%2Fcom.ibm.itim.infocenter.doc%2Fcpt%2Fcpt_ic_security_ssl_authent2way.html
2. [5]mailto:jenaam@xxxxxxxxxxxxxxxx
3. [6]http://www.eci.eu/
4. [7]http://www.easyorder.eu/
5. [8]http://www.ecisolutions.com/
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
[9]http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
References
1. http://publib.boulder.ibm.com/infocenter/tivihelp/v5r1/index.jsp?top
2. cid:image001.png@01CB5418.F5751370
3. mailto:2]rbovet@xxxxxxxxxxxxxxxx
4. http://publib.boulder.ibm.com/infocenter/tivihelp/v5r1/index.jsp?topic=%2Fcom.ibm.itim.infocenter.doc%2Fcpt%2Fcpt_ic_security_ssl_authent2way.html
5. mailto:jenaam@xxxxxxxxxxxxxxxx
6. http://www.eci.eu/
7. http://www.easyorder.eu/
8. http://www.ecisolutions.com/
9. http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------