× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. JAVA400-L
  3. December 2006

Re: Java and HTTPS

Hi Paul,

Recently had this exact same problem and solved it with much googling and 
frustration.  The 400 has its own *SYSTEM keystore, but that DOES NOT WORK 
properly, so don't bother trying to add certificates to it.  Instead, use 
a good 'ol Java keystore (i.e. create one with the keytool and import your 
certificate).  You need to modify your java.security file, which is 
located in /QIBM/ProdData/Java400/jdk15/lib/security.  Here is the file I 
use:


Then, on your Java startup command set the following properties:
-Djavax.net.ssl.trustStore=<path to truststore i.e. 
/QIBM/ProdData/Java400/jdk15/lib/security/cacerts, or a custom one>
-Djavax.net.ssl.keyStore=<path to certificate store>
-Djavax.net.ssl.keyStoreType=<keystore type (i.e. JKS)>
-Djavax.net.ssl.keyStorePassword=<keystore password>

You may not need to set all of these parameters, but it depends on what 
you are trying to do.  If you are importing a new trusted ca, you need to 
set the truststore property.  Otherwise, the keystore* properties apply. 
Or both ...

HTH,
Phil




"Clapham, Paul" <pclapham@xxxxxxxxxxxxx> 
Sent by: java400-l-bounces@xxxxxxxxxxxx
13/12/2006 12:08 PM
Please respond to
Java Programming on and around the iSeries / AS400 
<java400-l@xxxxxxxxxxxx>


To
"Java Programming on and around the iSeries / AS400" 
<java400-l@xxxxxxxxxxxx>
cc

Subject
Java and HTTPS






Hello all,

We have a requirement to send a file to a business partner at a certain 
web address using the HTTPS protocol. So I have been trying to configure 
SSL on our iSeries (which is at V5R3). First I got the message "The 
certificate container *SYSTEM could not be accessed" so I set up a 
certificate authority and created a certificate. Then I got the 
authorization problems so (via the archives of this list) I found out how 
to allow access to the certificate.

Now the message I am getting is "Certificate is not signed by a trusted 
certificate authority". And now I'm stuck. I've been going through the 
"iSeries Wired Network Security" redbook and it says that the iSeries 
comes with certificates from Verisign and so on. But I don't see how to 
make Java use those certificates. And it's got a section on configuring 
which applications will trust my certificate authority, but "Java" doesn't 
seem to be one of the applications on the list.

So as I say, I'm stuck. Does anybody know what I should do next? Or am I 
going down the wrong path?

Regards
Paul Clapham

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.