[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
New Server - Issues calling a Web Service
Hi Scott,
I'm having an interesting problem. We've migrated from our old IBM i to
a new one, and in doing so have messed up our call to a web service.
Both the old and the new server have HTTPAPI V1.24 installed. Both the
old and the new server are at V7R1. Both the old and new server are
allowing protocols TLSv1.0, TLSv1.1 and TLSv1.2 (we will be shutting
TLSv1.0 down soon). Certificates that were installed on the old server
have been installed on the new one.
We shut down the old server, and started running our calls to the web
service from the new one. Here is the log file from the broken call:
// ***************************** beginning of log file---
HTTPAPI Ver 1.24beta11 released 2010-09-09
OS/400 Ver V7R1M0
http_persist_open(): entered
http_long_ParseURL(): entered
DNS resolver retrans: 2
DNS resolver retry : 2
DNS resolver options: x'00000136'
DNS default domain: unitedheritage.com
DNS server found: 192.168.30.7
DNS server found: 207.170.210.162
DNS server found: 168.215.210.50
(GSKit) Peer not recognized or badly formatted message received.
ssl_error(410): (GSKit) Peer not recognized or badly formatted message
received.
SetError() #30: SSL Handshake: (GSKit) Peer not recognized or badly
formatted message received.
-----------------------------------------------------------------------
--------------
Dump of server-side certificate information:
-----------------------------------------------------------------------
--------------
Cert Validation Code = 0
(GSKit) An operation which is not valid for the current SSL session
state was attempted.
ssl_error(5): (GSKit) An operation which is not valid for the current
SSL session state was attempted.
(GSKit) An operation which is not valid for the current SSL session
state was attempted.
//*********************** end of log file---
Here is the log file from a successful call made on the old server:
// ***************************** beginning of log file---
HTTPAPI Ver 1.24beta11 released 2010-09-09
OS/400 Ver V7R1M0
New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819. ProtLoc=0
http_persist_open(): entered
http_long_ParseURL(): entered
DNS resolver retrans: 2
DNS resolver retry : 2
DNS resolver options: x'00000136'
DNS default domain: unitedheritage.com
DNS server found: 192.168.30.7
DNS server found: 207.170.210.162
DNS server found: 168.215.210.50
https_init(): entered
-----------------------------------------------------------------------
--------------
Dump of local-side certificate information:
-----------------------------------------------------------------------
--------------
-----------------------------------------------------------------------
--------------
Dump of server-side certificate information:
-----------------------------------------------------------------------
--------------
Cert Validation Code = 0
-----BEGIN CERTIFICATE-----
///deleted///
-----END CERTIFICATE-----
Serial Number: ==deleted==
Common Name: ==deleted==
Country: US
State/Province: New Jersey
Locality: Teterboro
Org Unit: : ==deleted==
Org: : ==deleted==
Issuer CN: Symantec Class 3 Secure Server CA - G4
Issuer Country: US
Issuer Org: Symantec Corporation
Issuer Org Unit: Symantec Trust Network
Version: 3
not before: 20150511180000
Unknown Field: 18:00:00 11-05-2015
not after: 20160522175959
Unknown Field: 17:59:59 22-05-2016
pub key alg: ==deleted==
Protocol Used: TLS Version 1
http_persist_post(): entered
http_long_ParseURL(): entered
do_oper(POST): entered
POST : ==deleted== HTTP/1.1
Host: : ==deleted the remainder of the data, as it's PII ==
//*********************** end of log file---
Is anything glaringly obvious - other than the lack of the certificate?
The certificate is in the DCM. I'm baffled!
Thanks for any help you can provide.
Kim Mitchell,
United Heritage Financial Group
Meridian, Idaho
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------