Solved

How do i setup SSL to connect to a web service using iseries Web Service Client for ILE?

Posted on 2008-10-28
1
1,561 Views
Last Modified: 2013-12-06
I'm trying to connect to a web service using the iSeries Web Service Client for ILE.  I created the C stubs and was provided a self-signed SSL certificate for access to the remote web service.  I used Digital Certificate Manager (DCM) to import the self-signed (Trusted) SSL certificate.  It was imported as a certificate authority (CA) to the *SYSTEM certificate store.  Now that i'm trying to use the certificate that has been imported to connect to the remote server, when i get to the code axiscStubIncludeSecure, axiscStubSetSecure(stub, "/QIBM/USERDATA/ICSS/CERT/SERVER/DEFAULT.KDB", "<password>", "<label>", "NONE", "05", "NONE", 0); axiscStubIncludeSecure(stub);
 
it fails.. with the following error:
 
AXIS EXCEPTION: (                                                  
23                                                                  
)                                                                  
HTTPTransportException: HTTPS transport error.                      
GSKit Error is 428 - No certificate is available for SSL processing.

Unable to determine why the imported self-signed certificate authority is not available to the program?  Any insight would be greatly appreciated.
0
Comment
Question by:edrobjr
1 Comment
 
LVL 33

Accepted Solution

by:
shalomc earned 500 total points
ID: 22843164
the self signed certificate is installed in the wrong place.
I don't remember the details on iSeries, but here is an overview of certificate usage:

Every CA has its private CA certificate. It is used to sign other certificates, both for clients and for servers.

Every client that uses SSL must have a certificate. A self signed cert is usually good enough, unless you use PKI, in which case you will need a client certificate signed by a Certifcation Authority (CA).

Every server that uses SSL must have a certificate. A self signed cert is good for development and for internal applications. A certificate signed by a private organizational CA is better, and is a must if you use PKI. Public servers should use certificates signed and authorized by well known Certification Authorities to prevent phishing and to improve the user experience.

As I understand, you self issued a certificate for the client and then used it for the CA. Bad idea.

ShalomC

0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SSL certificate pack 6 222
inplace upgrade from Windows 2003 R2 to 2012 8 75
Encrypting Windows 7 directories: general questions 5 33
Details to create developer account 10 42
When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question