gsk_env_init Error from Iseries to https

[GILLES]

Hi

for security reason i need to change the http adress for an https address

When i try to contact the https address from iseries i get this error message :
24: gsk_env_init: (GSKit) Access to the key database is not allowed.
i use wsdl2rpg utility.
before i use an http address with user/password
now it is the ame exept that it is an https address
what i need to do to correct my issue ?

Regards
Gilles

[GILLES]

Hi

Finally i resolved it
i just creat default.kdb to /QIBM/USERDATA/ICSS/CERT/SERVER/DEFAULT.KDB
with this link
https://www.ibm.com/support/pages/digit ... mmon-tasks
and gave *RWX authority to the directory /QIBM/USERDATA/ICSS/CERT/SERVER/ to the profil that submitted the webservice and it works

regards
Gilles

[Scott Klement]

For what it's worth, this is documented in the README member that's provided in the QRPGLESRC source file with HTTPAPI.

[Ricardo123]

Good afternoon dear, can you tell me the http 503 error, could it be related to an error due to certificates? The service I want to access is available.

This is the error...

08/11/2023 17:40:18:504 274191/MC1902/QQFMC1902 00000017 transport D TCPChannel::readBytes(): Using SSL input stream.
08/11/2023 17:40:18:505 274191/MC1902/QQFMC1902 00000017 transport D TCPChannel::readBytes(): number of bytes read is 2637
08/11/2023 17:40:18:506 274191/MC1902/QQFMC1902 00000017 transport D TCPChannel::readBytes():
HTTP/1.0 503 Service Unavailable
pragma: no-cache
cache-control: private, max-age=0, no-cache, no-store
content-type: text/html

<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">

<style type="text/css">
body {
font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
line-height: 1.66666667;
font-size: 16px;
color: #333;
background-color: #fff;
margin: 2em 1em;
}
h1 {
font-size: 28px;

[jonboy49]

What does the HTTPAPI debug log show? If it is a certificate issue it will show there. Are you certain the service is available? How did you verify that?

[Scott Klement]

It normally means that the service you requested is either down (for example, doing maintenance) or that it cannot handle the number of requests (too busy.)

For more details, you'll need to ask whomever is running the site.

[Ricardo123]

The service is available, I checked it by performing the test from postman and it answers correctly, another question, how to deactivate the certificate verification in AS400 when using axis for REST services in as400?

[Scott Klement]

The service is available, I checked it by performing the test from postman and it answers correctly,

I can't tell you more than what the message "503 Service Unavailable" typically means. I do not run the server you are connecting to, and do not have insider knowledge on how it works or the ability to view it's logs. As I said in my last message, you'll need to talk to whomever runs the server.

another question, how to deactivate the certificate verification in AS400 when using axis for REST services in as400?

The AS/400 was discontinued more than 23 years ago. You won't be able to get anything related to TLS running on a system that old.

As you posted this in the HTTPAPI topic area in the middle of someone else's thread about HTTPAPI, I could easily refuse to help you on the grounds that you are using a completely different product (one that people could argue competes with HTTPAPI) and that you hijacked another person's thread. But I'm not going to be like that.

Here is the manual that explains how to use the AXIS routines:
https://public.dhe.ibm.com/systems/supp ... nt_new.pdf

When you're writing a client, you control the TLS options with the axiscTransportSetProperty() function with type=AXISC_PROPERTY_HTTP_SSL. So open the preceding PDF, go to Chapter 17 (AXIS C core APIs), then Transport C APIs, then axisCTransportSetProperty(). Read about the parameters to the AXISC_PROPERTY_HTTP_SSL code. Pay attention to the parameter related to tolerating soft validation errors.