Solved

How do i setup SSL to connect to a web service using iseries Web Service Client for ILE?

Posted on 2008-10-28
1
1,620 Views
Last Modified: 2013-12-06
I'm trying to connect to a web service using the iSeries Web Service Client for ILE.  I created the C stubs and was provided a self-signed SSL certificate for access to the remote web service.  I used Digital Certificate Manager (DCM) to import the self-signed (Trusted) SSL certificate.  It was imported as a certificate authority (CA) to the *SYSTEM certificate store.  Now that i'm trying to use the certificate that has been imported to connect to the remote server, when i get to the code axiscStubIncludeSecure, axiscStubSetSecure(stub, "/QIBM/USERDATA/ICSS/CERT/SERVER/DEFAULT.KDB", "<password>", "<label>", "NONE", "05", "NONE", 0); axiscStubIncludeSecure(stub);
 
it fails.. with the following error:
 
AXIS EXCEPTION: (                                                  
23                                                                  
)                                                                  
HTTPTransportException: HTTPS transport error.                      
GSKit Error is 428 - No certificate is available for SSL processing.

Unable to determine why the imported self-signed certificate authority is not available to the program?  Any insight would be greatly appreciated.
0
Comment
Question by:edrobjr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 33

Accepted Solution

by:
shalomc earned 500 total points
ID: 22843164
the self signed certificate is installed in the wrong place.
I don't remember the details on iSeries, but here is an overview of certificate usage:

Every CA has its private CA certificate. It is used to sign other certificates, both for clients and for servers.

Every client that uses SSL must have a certificate. A self signed cert is usually good enough, unless you use PKI, in which case you will need a client certificate signed by a Certifcation Authority (CA).

Every server that uses SSL must have a certificate. A self signed cert is good for development and for internal applications. A certificate signed by a private organizational CA is better, and is a must if you use PKI. Public servers should use certificates signed and authorized by well known Certification Authorities to prevent phishing and to improve the user experience.

As I understand, you self issued a certificate for the client and then used it for the CA. Bad idea.

ShalomC

0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Explore the encryption capabilities built into Google Apps and how these features can help you meet privacy policy and regulatory compliance, but are not a full solution. Understand and compare the most popular email encryption services for Google A…
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question