Re: Help! I have broke HTTPAPI.
Here's a quick & dirty CL program (should work on any release of OS/400)
that will give *PUBLIC enough authority to use SSL certs. (But not
create them)
Tweak it as needed...
PGM
    /* &USER is the profile that receives the authority */
    DCL VAR(&USER)  TYPE(*CHAR) LEN(10) VALUE('*PUBLIC')
    DCL VAR(&POS)   TYPE(*DEC)  LEN(3 0)
    DCL VAR(&STORE) TYPE(*CHAR) LEN(100)
    DCL VAR(&PATH)  TYPE(*CHAR) LEN(100)

    CHGVAR VAR(&STORE) +
           VALUE('/QIBM/USERDATA/ICSS/CERT/SERVER/DEFAULT.KDB')
    CHGVAR VAR(&POS) VALUE(1)

    /* Scan the path up to the first blank; at every '/' grant   */
    /* *RX on the directory prefix that ends at that position.   */
LOOP: IF (%SST(&STORE &POS 1) *NE ' ') DO
          IF (%SST(&STORE &POS 1) *EQ '/') DO
              CHGVAR VAR(&PATH) +
                     VALUE(%SST(&STORE 1 &POS))
              CHGAUT OBJ(&PATH) USER(&USER) DTAAUT(*RX)
          ENDDO
          CHGVAR VAR(&POS) VALUE(&POS + 1)
          GOTO LOOP
      ENDDO

    /* Read-only access to the key database itself */
    CHGAUT OBJ(&STORE) USER(&USER) DTAAUT(*R)

    /* Same for the companion .RDB file */
    CHGVAR VAR(&STORE) +
           VALUE('/QIBM/USERDATA/ICSS/CERT/SERVER/DEFAULT.RDB')
    CHGAUT OBJ(&STORE) USER(&USER) DTAAUT(*R)
ENDPGM

Gerald Magnuson wrote:
> As I am in debug mode for program EXAMPLE22,
>
> At the point :
>
>   If requested, set up a certificate validation callback
>
>   if defined(V5R3_GSKIT)
>   if wkGskValUsrDta <> *null
>   callp gsk_attribute_set_callback( wkEnvh
>                                   : GSK_CERT_VALIDATION_CALLBACK
>                                   : wkGskValUsrDta )
>
>   Initialize the SSL environment. After this, secure sessions
>   can be created!
>
>   eval rc = gsk_environment_init(wkEnvh)
>
> RC = 6003
>
> What does 6003 mean?????????
>
> Gerald Magnuson
> Supervisor, System i Administration & Development
> IBM Certified Specialist, i5 Administration
> The Knapheide Manufacturing Company
> Quincy, Illinois
> (217) 592-5291
>
> From: Gerald Magnuson
> Sent: Thursday, February 11, 2010 10:03 AM
> To: 'ftpapi@xxxxxxxxxxxxxxxxxxxxxx'
> Subject: RE: Help! I have broke HTTPAPI.
>
> Ok,
>
> First, I apologize, I am going nuts here....
>
> I finally decided to READ THE INSTRUCTIONS!
>
> In the README in LIBHTTP/QRPGLESRC:
>
> I have followed the following steps:
>
> REQUIREMENTS FOR BUILDING WITH SSL SUPPORT
> ---------------------------------------------------------------------
> 1) You need to have these programs installed (as of V5R2):
>      -- Digital Certificate Manager which is
>           opt 34 of OS/400. (5722-SS1)
>      -- TCP/IP Connectivity Utilities (5722-TC1)
>      -- IBM HTTP server for iSeries (5722-DG1)
>      -- IBM Crypto Access Provider (5722-AC3) (pre V5R4)
>      -- In order to access the Digital Certificate Manager from
>           the web server, you'll also need the IBM Developer
>           Kit for Java (5722-JV1).
>
> 2) This software uses IBM's "Global Secure Toolkit" (GSKit)
>    for SSL. This is available only in V4R5 and later.
>
>    In V5R1 and later, it is included with the base OS/400.
>    For V4R5: You need CUM PTF packages C1100450 to be installed
>              In addition to that, I have the following PTFs
>              installed: (I don't know which ones are absolutely
>              necessary)
>                SF64938 SF66346 SF64197 SF64936
>                MF25723 MF25724 MF25725 MF25728 MF25306
>                MF25307 MF25309
>
>    Of course, you'll want to make sure that you read the cover
>    sheets and install any prerequisites, as per normal PTF
>    procedures...
>
> 3) Once you have all of that installed, you'll need to set up
>    the *SYSTEM certificate store in the Digital Certificate
>    Manager. If you already have this configured, you're
>    ready to use HTTPAPI's SSL support.
>
> 4) Start the digital certificate manager by typing:
>      STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)
>
> 5) Connect to the ADMIN instance of the HTTP server by pointing
>    your Web browser to:
>      http://your-system-name:2001
>
> 6) Click "Digital Certificate Manager"
>
> 7) Click "Create New Certificate Store" (in the navigation frame
>    on the left)
>
> 8) Follow the prompts to create a *SYSTEM certificate store
>
> 9) You do not need to create or assign any certificates unless
>    required by the business partner that you will be
>    communicating with. Usually this is only required when
>    security is vital (such as when talking to a bank).
>    Companies like UPS, for example, don't require you to send
>    them any certificates.
>
> GRANTING ORDINARY USERS PERMISSION TO RUN SSL APPLICATIONS
> ---------------------------------------------------------------------
> 1) In order to give your users proper permissions to run apps
>    that use HTTPAPI/SSL you should give them access to the
>    *SYSTEM certificate store.
>
> 2) Open iSeries Navigator (or, Operations Navigator)
>
> 3) Click your iSeries connection, then "Users and Groups"
>
> 4) To grant access to a group profile, click "Groups"
>    To grant access to an individual user, click "All Users"
>
> 5) Choose the user profile that you'd like to grant access to,
>    right click on it, and choose "Properties"
>
> 6) Click the "Capabilities" button.
>
> 7) Select the "Applications" tab
>
> 8) Pull down the "Access for" list box, and select "host
>    applications"
>
> 9) Expand the "Digital Certificate Manager" and check the
>    box next to the "*SYSTEM certificate store"
>
> I signed off, and on again but when I run EXAMPLE22
> I still get:
>
> gsk_env_init: (GSKit) Access to the key database is not allowed.
>
> Gerald Magnuson
> Supervisor, System i Administration & Development
> IBM Certified Specialist, i5 Administration
> The Knapheide Manufacturing Company
> Quincy, Illinois
> (217) 592-5291
>
> ------------------------------------------------------------------------
>
> -----------------------------------------------------------------------
> This is the FTPAPI mailing list. To unsubscribe, please go to:
> http://www.scottklement.com/mailman/listinfo/ftpapi
> -----------------------------------------------------------------------
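
A read-only check of what the CL program in this message is meant to leave in place, as an added example that is not part of the original post or of HTTPAPI: it walks the same directory prefixes and reports where *PUBLIC lacks *RX or *R, or holds write access. It assumes a POSIX-style shell (such as QShell) in which the "other" permission bits shown by ls reflect *PUBLIC's data authority; the function names check and audit_store are hypothetical.

```shell
#!/bin/sh
# Added example: audit (no changes made) of the authorities the CL program grants.
# Assumption: the "other" permission bits from ls -l mirror *PUBLIC's data
# authority on the IFS objects. Function names are hypothetical.

# check PATH KIND : report what "other" lacks or holds in excess on PATH.
check() {
    bits=$(ls -ld "$1" 2>/dev/null | cut -c8-10)   # e.g. "r-x"; empty if absent
    case $2 in
        dir)  # *RX: read and traverse the directory
            case $bits in r?[xt]) ;; *) echo "MISSING *RX $1 (other=$bits)" ;; esac ;;
        file) # *R: read the key database or its companion file
            case $bits in r??) ;; *) echo "MISSING *R $1 (other=$bits)" ;; esac ;;
    esac
    # Write access for everyone goes beyond "use the certs, not create them".
    case $bits in ?w?) echo "EXCESS write $1 (other=$bits)" ;; esac
    return 0
}

# audit_store KDB [FILE...] : walk every directory prefix of the absolute
# path KDB (as the CL loop does), then check each file argument.
audit_store() {
    rest=${1#/}
    prefix=
    check / dir
    while [ "$rest" != "${rest#*/}" ]; do      # a '/' is still left in $rest
        prefix="$prefix/${rest%%/*}"
        rest=${rest#*/}
        check "$prefix" dir
    done
    for f in "$@"; do
        check "$f" file
    done
}

# With no arguments, audit the two paths named in the CL program.
if [ $# -eq 0 ]; then
    set -- /QIBM/USERDATA/ICSS/CERT/SERVER/DEFAULT.KDB \
           /QIBM/USERDATA/ICSS/CERT/SERVER/DEFAULT.RDB
fi
audit_store "$@"
```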