MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » September 2013

Re: Certificate authentication through HTTPS




Hi Brad,

Thanks for your reply... I don't know if I need to use a client certificate or a CA stored in the *SYSTEM store. I wouldn't even know who could answer the question. I only know that the verification is done via a certificate, which I have never done. I'm not even accessing Digital Certificate Manager myself. I don't believe I have authority to it. I'm just doing the RPG side and I am passing information back and forth to the VP of Operations. I can't see the Certificate Manager except screen shots sent me by the VP of Operations and I'm trying to instruct him how I need this set up. From his screen shots, that is what he's using. The people whose site I am sending the CSV file to (and from whom I'll also need to receive a reply file) don't know anything about the iSeries... they only know about using the certificate in Internet Explorer... so I doubt they can answer that question.

If this is a "*SYSTEM store" certificate, does that mean the mere fact that it's loaded means I can use it? Or is there something that needs to be done in Certificate Manager to make it a "*System Store" certificate, assuming this is what I need?
If this is what I need, also, does that mean it won't need to point to an application, and if so, how do I refer to it in my RPG program?
Or do I even need to?

Thanks so much,
Charlie.

Charles,

If you truly are using a client certificate you do this all in the Digital
Certificate Manager (DCM). You can get there through the ADMIN HTTP
server (port 2001). Look around in there and it will make more sense.

Import the client certificate, then apply an application ID to it. Then on
your HTTP call you need to be sure to use the same application ID so that
it knows which client certificate to use.

But, I will say this. I would double check if you really need to use a
client certificate or if you're just making an HTTPS call that only
requires the CAs be installed in the *SYSTEM store.

I've worked with thousands of clients with projects like this (using our
GETURI product) and only 1 that I know of in 15 years used a client
certificate (and it didn't work because the SSL APIs had a bug because it
had never been truly tested... of course they did offer a PTF once we
worked through it).

SSL is confusing, yes, but rarely do I see client certificates in use.

Brad
www.bvstools.com






