GSK_OS400_ERROR_NOT_TRUSTED_ROOT
Posted: Fri Feb 18, 2022 2:15 pm
Hi Scott, we are getting the error 6000 CPDBC97 GSK_OS400_ERROR_NOT_TRUSTED_ROOT. We have been working fine until a week or two ago. IBM says it is a certificate error, but we have all the correct certs installed and so not sure what has changed.
Information below from IBM ticket I opened
The certificate exchange fails with error code 6000
Does the HTTPAPI client use the DCM *system store?
Do you have the below CA certificates installed to DCM?
6000 CPDBC97 GSK_OS400_ERROR_NOT_TRUSTED_ROOT
Secure Socket API Error Code Messages
https://www.ibm.com/support/pages/node/639467
remote web service endpoint.
https://secure.shippingapis.com/Shippin ... Request%3E
httpapi_debug.txt
HTTPAPI Ver 1.41 released 2020-06-05
NTLM Ver 1.4.0 released 2014-12-22
OS/400 Ver V7R4M0
.
https_init(): entered
QSSLPCL = *OPSYS
SSL version 2 support disabled
SSL version 3 support disabled
Old interface to TLS version 1.0 support enabled
TLS version 1.0 support enabled
TLS version 1.1 support enabled
TLS version 1.2 support enabled
initializing GSK environment
.
Nagle's algorithm (TCP_NODELAY) disabled.
SNI hostname set to: secure.shippingapis.com
-------------------------------------------------------------------------------------
Dump of server-side certificate information:
-------------------------------------------------------------------------------------
Cert Validation Code = 6000
Protocol Used: TLS Version 1.2
http_persist_req(POST) entered.
http_long_ParseURL(): entered
http_long_ParseURL(): entered
do_oper(POST): entered
There are 0 cookies in the cache
POST /ShippingAPI.dll?API=TrackV2&XML=<TrackRequest%20USERID="765COACH7405"><TrackID%20ID="9261290290704506332556"></TrackID></TrackRequest> HTTP/1.1
Host: secure.shippingapis.com
User-Agent: http-api/1.41
Content-Type: application/xml
Content-Length: 400000
.senddoc(): entered
<TrackRequest USERID="765COACH7405"><TrackID ID="9261290290704506332556"></TrackID></TrackRequest>
recvresp(): entered
HTTP/1.1 302 Moved Temporarily
Date: Mon, 14 Feb 2022 23:26:47 GMT
Connection: close
Via: HTTPS/1.1 localhost.localdomain
Location: http://172.27.109.85:15871/cgi-bin/bloc ... 3341558858
Content-Length: 0
CA certificates needed by a pc browser client, or IBM i client:
DigiCert Global Root CA
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1
Information below from IBM ticket I opened
The certificate exchange fails with error code 6000
Does the HTTPAPI client use the DCM *system store?
Do you have the below CA certificates installed to DCM?
6000 CPDBC97 GSK_OS400_ERROR_NOT_TRUSTED_ROOT
Secure Socket API Error Code Messages
https://www.ibm.com/support/pages/node/639467
remote web service endpoint.
https://secure.shippingapis.com/Shippin ... Request%3E
httpapi_debug.txt
HTTPAPI Ver 1.41 released 2020-06-05
NTLM Ver 1.4.0 released 2014-12-22
OS/400 Ver V7R4M0
.
https_init(): entered
QSSLPCL = *OPSYS
SSL version 2 support disabled
SSL version 3 support disabled
Old interface to TLS version 1.0 support enabled
TLS version 1.0 support enabled
TLS version 1.1 support enabled
TLS version 1.2 support enabled
initializing GSK environment
.
Nagle's algorithm (TCP_NODELAY) disabled.
SNI hostname set to: secure.shippingapis.com
-------------------------------------------------------------------------------------
Dump of server-side certificate information:
-------------------------------------------------------------------------------------
Cert Validation Code = 6000
Protocol Used: TLS Version 1.2
http_persist_req(POST) entered.
http_long_ParseURL(): entered
http_long_ParseURL(): entered
do_oper(POST): entered
There are 0 cookies in the cache
POST /ShippingAPI.dll?API=TrackV2&XML=<TrackRequest%20USERID="765COACH7405"><TrackID%20ID="9261290290704506332556"></TrackID></TrackRequest> HTTP/1.1
Host: secure.shippingapis.com
User-Agent: http-api/1.41
Content-Type: application/xml
Content-Length: 400000
.senddoc(): entered
<TrackRequest USERID="765COACH7405"><TrackID ID="9261290290704506332556"></TrackID></TrackRequest>
recvresp(): entered
HTTP/1.1 302 Moved Temporarily
Date: Mon, 14 Feb 2022 23:26:47 GMT
Connection: close
Via: HTTPS/1.1 localhost.localdomain
Location: http://172.27.109.85:15871/cgi-bin/bloc ... 3341558858
Content-Length: 0
CA certificates needed by a pc browser client, or IBM i client:
DigiCert Global Root CA
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1