Solved

How do i setup SSL to connect to a web service using iseries Web Service Client for ILE?

Posted on 2008-10-28
1
1,592 Views
Last Modified: 2013-12-06
I'm trying to connect to a web service using the iSeries Web Service Client for ILE.  I created the C stubs and was provided a self-signed SSL certificate for access to the remote web service.  I used Digital Certificate Manager (DCM) to import the self-signed (Trusted) SSL certificate.  It was imported as a certificate authority (CA) to the *SYSTEM certificate store.  Now that i'm trying to use the certificate that has been imported to connect to the remote server, when i get to the code axiscStubIncludeSecure, axiscStubSetSecure(stub, "/QIBM/USERDATA/ICSS/CERT/SERVER/DEFAULT.KDB", "<password>", "<label>", "NONE", "05", "NONE", 0); axiscStubIncludeSecure(stub);
 
it fails.. with the following error:
 
AXIS EXCEPTION: (                                                  
23                                                                  
)                                                                  
HTTPTransportException: HTTPS transport error.                      
GSKit Error is 428 - No certificate is available for SSL processing.

Unable to determine why the imported self-signed certificate authority is not available to the program?  Any insight would be greatly appreciated.
0
Comment
Question by:edrobjr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 33

Accepted Solution

by:
shalomc earned 500 total points
ID: 22843164
the self signed certificate is installed in the wrong place.
I don't remember the details on iSeries, but here is an overview of certificate usage:

Every CA has its private CA certificate. It is used to sign other certificates, both for clients and for servers.

Every client that uses SSL must have a certificate. A self signed cert is usually good enough, unless you use PKI, in which case you will need a client certificate signed by a Certifcation Authority (CA).

Every server that uses SSL must have a certificate. A self signed cert is good for development and for internal applications. A certificate signed by a private organizational CA is better, and is a must if you use PKI. Public servers should use certificates signed and authorized by well known Certification Authorities to prevent phishing and to improve the user experience.

As I understand, you self issued a certificate for the client and then used it for the CA. Bad idea.

ShalomC

0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question