Solved

How do i setup SSL to connect to a web service using iseries Web Service Client for ILE?

Posted on 2008-10-28
1
1,554 Views
Last Modified: 2013-12-06
I'm trying to connect to a web service using the iSeries Web Service Client for ILE.  I created the C stubs and was provided a self-signed SSL certificate for access to the remote web service.  I used Digital Certificate Manager (DCM) to import the self-signed (Trusted) SSL certificate.  It was imported as a certificate authority (CA) to the *SYSTEM certificate store.  Now that i'm trying to use the certificate that has been imported to connect to the remote server, when i get to the code axiscStubIncludeSecure, axiscStubSetSecure(stub, "/QIBM/USERDATA/ICSS/CERT/SERVER/DEFAULT.KDB", "<password>", "<label>", "NONE", "05", "NONE", 0); axiscStubIncludeSecure(stub);
 
it fails.. with the following error:
 
AXIS EXCEPTION: (                                                  
23                                                                  
)                                                                  
HTTPTransportException: HTTPS transport error.                      
GSKit Error is 428 - No certificate is available for SSL processing.

Unable to determine why the imported self-signed certificate authority is not available to the program?  Any insight would be greatly appreciated.
0
Comment
Question by:edrobjr
1 Comment
 
LVL 33

Accepted Solution

by:
shalomc earned 500 total points
ID: 22843164
the self signed certificate is installed in the wrong place.
I don't remember the details on iSeries, but here is an overview of certificate usage:

Every CA has its private CA certificate. It is used to sign other certificates, both for clients and for servers.

Every client that uses SSL must have a certificate. A self signed cert is usually good enough, unless you use PKI, in which case you will need a client certificate signed by a Certifcation Authority (CA).

Every server that uses SSL must have a certificate. A self signed cert is good for development and for internal applications. A certificate signed by a private organizational CA is better, and is a must if you use PKI. Public servers should use certificates signed and authorized by well known Certification Authorities to prevent phishing and to improve the user experience.

As I understand, you self issued a certificate for the client and then used it for the CA. Bad idea.

ShalomC

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #POC #XenDesktop #vCenter #VMware #ESX
Explore the encryption capabilities built into Google Apps and how these features can help you meet privacy policy and regulatory compliance, but are not a full solution. Understand and compare the most popular email encryption services for Google A…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now