
RE: GSKit SSL Handshake Error



Hi Scott, thanks for getting back to me on this.

We have been told by First Data from day 1, that we need their certificate to consume this web service. They provided us with the client and root certs, and Tony installed the applicable cert on the IBMi using DCM. In addition, I added the cert in SoapUI, and have been able to successfully test the various functions in SoapUI (which did not work without their cert). Besides, it makes sense that we need an SSL certificate based on the presence of HttpS in the WSDL URL provided....

https://merchanttest.ctexmloma.compass-xml.com:443/cmpwsapi/services

After creating the stubs and services program using the newer WSDL2RPG, I created the driver program WSFDMS001T, using the command taken from Tom's article...

WSDL2RPG URL('file:/home/hammat/order.wsdl')    
SERVICE('CMPWSApiPort' 'OnlineTrans()')         
SRCFILE(*LIBL/QWSDL2RPG) SRCMBR(WSFDMS001T *YES)        
TYPE(*PGM) STUB(WSFDMS001) DIM(60) STRLEN(60)    

After stepping through debug in the driver program (just after the OnlineRequest call) the http error message returned told me that I needed to supply the username and password (which First Data also gave to us). After adding this in the ...Port_supplyLoginData routine in the service program, the error went away, and was replaced by the GSKit SSL Handshake error. 

We are now trying to get past this with a call to axiscStubSetSecure (based on the article below). However, I'm having trouble finding what generated name (routine) to point to for the getStub prototype.  

http://www-01.ibm.com/support/docview.wss?uid=nas8N1011196

We have come so far with this, and are so close. Is there any other (more suitable) forum we should be posting to?


-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Scott Klement
Sent: Thursday, February 18, 2016 11:15 PM
To: HTTPAPI and FTPAPI Projects
Subject: Re: GSKit SSL Handshake Error

Hi Ted,

It's unclear why you would need a certificate assigned to your application? Can you explain the requirements, here? The most common scenario for a client-side application is to NOT use a certificate. Normally, only server applications need certificates (in like 95% of the cases.) Unless you are referring to a CA Certificate? That's a different matter.

If what you're looking for is a CA Certificate, then I wonder why you'd like to associate it with an application?

If you do need client-side certificates, I could tell you how to configure them in HTTPAPI, but I cannot tell you how to do so in WSDL2RPG, as that is not my project, and I am not familiar with it.

Thomas Raddatz is usually a frequent participant on this mailing list. Usually his responses (as well as others here) are very good and frequent, but there are no guarantees because this is "community support" on an "open source" project.  HTTPAPI also offers commercial support and consulting, but I do not know whether WSDL2RPG offers the same.

-SK

On 2/12/2016 8:24 AM, Hammack, Ted wrote:
>     We recently used a newer version of WSDL2RPG (developed by Thomas
>     Raddatz) to create stubs and service programs for a fairly complex WSDL
>     (a WSDL that the IBM told us could not be processed by their IWS client
>     tool due to the presence of "complex content extensions").
>
>
>
>     We now have a driver program set up to consume the service. Immediately
>     after executing the OnlineTransRequest, we get an HttpError_getCode
>     return value of 30 and an HttpError_getText value that reads...
>
>
>
>     "(GSKit) No certificate is available for SSL processing"
>
>
>
>     Our LAN director says that he already installed the certificate using
>     IBM's Digital Certificate Manager. Is there something else that we need
>     to do that will allow us to link the program to the cert? (is there a
>     built-in function that handles this in RPG?)
>
>
>
>     

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
