[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [BULK] Re: HTTPAPI sending a certificate.

From: "Jason Baker" <JasonB@xxxxxxxxxx>
To: "HTTPAPI and FTPAPI Projects" <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: [BULK] Re: HTTPAPI sending a certificate.
Date: Tue, 29 Sep 2009 08:24:46 -0400

Scott,

The "invalid certificate" was the statement that I received from talking
to IBM support for DCM.  I sent them both the P12 file and the PEM file
and IBM tells me that there is no way they will be able to import this
"invalid certificate".  To this statement, even the bank agrees that the
certificate is only used on their part for "passing/verifying"
information and then using that information to process on their end.
The bank is telling me that they will not process anything from us until
they get that certificate.  Their "generic" response is what I am
getting, that you see in the log.  If you look at that in more detail,
you will see that it says "Please call Merchant Services".

They have examples of PHP and Java that all you do is specify the path
of the certificate they send us and it works.  We don't import anything.
For PHP we simply do the following:
*** $cert = "/path/1234567890.pem"; 
*** curl_setopt ($ch, CURLOPT_SSLCERT, $cert);
*** $result = curl_exec ($ch);

Granted I left out other "setopt" before running the curl_exec but this
is that simple.  This works just fine without loading anything in DCM or
importing anything.

My question wasn't related to asking you to rewrite anything.  I was
simply asking if this was possible.  I do not wish to rewrite anything
either.  If nothing else, we will simply use PHP because it works.  I
just wanted to stick with RPG because that is what the entire rest of
the web site is written in.

As for "understanding your instructions" I think I got them just fine.
However; that doesn't work.  Even IBM DCM Support understood them but
still will not work with the certificate that was sent.  Really, I am
not "making up" the invalid certificate.

-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Scott
Klement
Sent: Monday, September 28, 2009 6:31 PM
To: HTTPAPI and FTPAPI Projects
Subject: Re: [BULK] Re: HTTPAPI sending a certificate.

You've lost me.  An invalid certificate won't work.  It doesn't matter 
if you use PHP or Java or anything else.  This has nothing to do with 
the programming language.

The following code will never work:
https_init(/www/folder/htdocs/InvalidCertificate)

That's not how you assign certificates.  You have to load your 
certificate through digital certificate manager.  You can't simply list 
it's pathname.

HTTPAPI does not do any SSL processing on it's own.  It uses the SSL 
code that's built into the operating system.  It doesn't many any 
difference what language your program is written in, because all 
languages invoke the same code inside the operating system.  It's not a 
programming language issue.

It's possible that if you used a different SSL library (for example, 
calling OpenSSL from PASE instead of using the GSKit library from IBM) 
you could end up finding a way to get the certificate through.  But 
again, that's not a language-specific thing.  Any language calling that 
SSL library will work the same.

However, I have no intention of rewriting HTTPAPI to use a different SSL

library. If you want it to use a different one, feel free to write it 
yourself and contribute the code back to the project.  This is, after 
all, an open source project.

But I can't help but wonder if you just didn't understand my 
instructions, since you seem to think that you can just specify a 
pathname to HTTPAPI...

Jason Baker wrote:
> Scott,
> 
> After being on the phone with the banks credit card processing company
> basically all day, it turns out they "refuse" to send us a "valid"
> client certificate and state that if we wouldn't use RPG it would work
> just fine.  They want me to use PHP or Java to pick up the file stored
> in a folder "as is".
> 
> The PHP example is $cert = "/path/1234567890.pem";
> 
> Therefore, would it be possible for this to work?
> https_init(/www/folder/htdocs/InvalidCertificate) 
> 
> Oh yeah, the funny thing after talking to a manager, they know the
> certificate is not valid but we have to have it to communicate with
> them.
> 
> What a day, thanks for your help.
> 
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------

References:
- HTTPAPI sending a certificate.
  - From: Jason Baker
- Re: HTTPAPI sending a certificate.
  - From: Scott Klement
- RE: [BULK] Re: HTTPAPI sending a certificate.
  - From: Jason Baker
- Re: [BULK] Re: HTTPAPI sending a certificate.
  - From: Scott Klement

Prev by Date: RE: [BULK] Re: HTTPAPI sending a certificate.
Next by Date: RE: [BULK] Re: HTTPAPI sending a certificate.
Previous by thread: Re: [BULK] Re: HTTPAPI sending a certificate.
Next by thread: RE: [BULK] Re: HTTPAPI sending a certificate.
Index(es):
- Date
- Thread