Hello,
HTTPAPI is calling the gsk_secure_soc_init() function provided by the IBM i operating system. It is returning error code GSK_ERROR_UNSUPPORTED_CERTIFICATE_TYPE.
You can learn more about this function and error code here:
https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_74/apis/gsk_secure_soc_init.htm
-SK
Hi,
on OS 7.4 we get this error "(GSKit) Certificate type is not supported" when IBMi is consuming webservices on prod servers (linux) .When we test it by consuming webservices on test servers - it's ok on the same IBMi.
What gives this error on GSKIT? Is it a problem with DCM?A cipher problem?
Seems like it's using TLSV1.2 on both test and prod servers.
I could not find TLSv1.3 in https_init.Does HTTPAPI support TLSv1.3?
From debug log:HTTPAPI Ver 1.41 released 2020-06-05
NTLM Ver 1.4.0 released 2014-12-22
OS/400 Ver V7R4M0
New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819. ProtLoc=0
File CCSID changed to 1208
http_url_get(): entered
http_persist_open(): entered
http_long_ParseURL(): entered
DNS resolver retrans: 2
DNS resolver retry : 3
DNS resolver options: x'00000136'
DNS default domain: xxxxxx.xxxx.no
DNS server found: 999.999.249.11
DNS server found: 999.999.249.11
DNS server found: 999.999.249.12
https_init(): entered
QSSLPCL = *OPSYS
SSL version 2 support disabled
SSL version 3 support disabled
Old interface to TLS version 1.0 support enabled
TLS version 1.0 support enabled
TLS version 1.1 support enabled
TLS version 1.2 support enabled
initializing GSK environment
GSK Environment now available
--------------------------------------------------------------------------------
Dump of local-side certificate information:
--------------------------------------------------------------------------------
Nagle's algorithm (TCP_NODELAY) disabled.
SNI hostname set to: nnnnnnn.trusted.nnn.no
(GSKit) Certificate type is not supported.
ssl_error(405): (GSKit) Certificate type is not supported.
SetError() 30: SSL Handshake: (GSKit) Certificate type is not supported.
Best regardsMagne Kofoed
-- _______________________________________________ Ftpapi mailing list Ftpapi@xxxxxxxxxxxxxxxxxxxxxx http://scottklement.com/mailman/listinfo/ftpapi