GSK_OS400_ERROR_NOT_TRUSTED_ROOT

Discussions related to HTTPAPI (An HTTP Client Package for RPG programming.) http://www.scottklement.com/httpapi/
Post Reply
ccaile
Posts: 1
Joined: Fri Feb 18, 2022 2:09 pm

GSK_OS400_ERROR_NOT_TRUSTED_ROOT

Post by ccaile »

Hi Scott, we are getting the error 6000 CPDBC97 GSK_OS400_ERROR_NOT_TRUSTED_ROOT. We have been working fine until a week or two ago. IBM says it is a certificate error, but we have all the correct certs installed and so not sure what has changed.
Information below from IBM ticket I opened

The certificate exchange fails with error code 6000
Does the HTTPAPI client use the DCM *system store?
Do you have the below CA certificates installed to DCM?
6000 CPDBC97 GSK_OS400_ERROR_NOT_TRUSTED_ROOT
Secure Socket API Error Code Messages
https://www.ibm.com/support/pages/node/639467
remote web service endpoint.
https://secure.shippingapis.com/Shippin ... Request%3E

httpapi_debug.txt

HTTPAPI Ver 1.41 released 2020-06-05

NTLM Ver 1.4.0 released 2014-12-22

OS/400 Ver V7R4M0

.

https_init(): entered

QSSLPCL = *OPSYS

SSL version 2 support disabled

SSL version 3 support disabled

Old interface to TLS version 1.0 support enabled

TLS version 1.0 support enabled

TLS version 1.1 support enabled

TLS version 1.2 support enabled

initializing GSK environment

.

Nagle's algorithm (TCP_NODELAY) disabled.

SNI hostname set to: secure.shippingapis.com

-------------------------------------------------------------------------------------

Dump of server-side certificate information:

-------------------------------------------------------------------------------------

Cert Validation Code = 6000

Protocol Used: TLS Version 1.2

http_persist_req(POST) entered.

http_long_ParseURL(): entered

http_long_ParseURL(): entered

do_oper(POST): entered

There are 0 cookies in the cache

POST /ShippingAPI.dll?API=TrackV2&XML=<TrackRequest%20USERID="765COACH7405"><TrackID%20ID="9261290290704506332556"></TrackID></TrackRequest> HTTP/1.1

Host: secure.shippingapis.com

User-Agent: http-api/1.41

Content-Type: application/xml

Content-Length: 400000

.senddoc(): entered

<TrackRequest USERID="765COACH7405"><TrackID ID="9261290290704506332556"></TrackID></TrackRequest>

recvresp(): entered

HTTP/1.1 302 Moved Temporarily

Date: Mon, 14 Feb 2022 23:26:47 GMT

Connection: close

Via: HTTPS/1.1 localhost.localdomain

Location: http://172.27.109.85:15871/cgi-bin/bloc ... 3341558858

Content-Length: 0

CA certificates needed by a pc browser client, or IBM i client:

DigiCert Global Root CA

GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1
Top
Scott Klement
Site Admin
Posts: 662
Joined: Sun Jul 04, 2021 5:12 am

Re: GSK_OS400_ERROR_NOT_TRUSTED_ROOT

Post by Scott Klement »

I'm not sure what you are asking. You clearly already know what the problem is, you have an untrusted root certificate. Why not just fix it?

What's the point of posting a trace log that doesn't show any errors?
Top
Post Reply

Return to “HTTPAPI”