Folks:

Just a quick note ... I was finally able to get Java running on the
System i to talk SSL.

I ended up having to abandon the idea of using the DCM to hold the CA
certificate.

What I did was this ...

1. Used the keytool to import the CA certificate into a private copy of
the jssecacerts file (in directory ssl).

2. Created a copy of the java.security file (in directory SSL) with the
following values set:

security.provider.1=com.ibm.jsse.IBMJSSEProvider
security.provider.2=sun.security.provider.Sun
security.provider.3=com.ibm.crypto.provider.IBMJCE
security.provider.4=com.sun.rsajca.Provider
security.provider.5=com.ibm.security.cert.IBMCertPath
security.provider.6=com.ibm.as400.ibmonly.net.ssl.Provider
security.provider.7=com.ibm.security.jgss.IBMJGSSProvider

ssl.KeyManagerFactory.algorithm=IbmX509
ssl.TrustManagerFactory.algorithm=IbmX509

os400.jdk13.jst.factories=true

ssl.SocketFactory.provider=com.ibm.jsse2.SSLSocketFactoryImpl
ssl.ServerSocketFactory.provider=com.ibm.jsse2.SSLServerSocketFactoryImpl

3. Added set following system properties via the java command:

os400.security.properties=ssl/java.security-os400
javax.net.ssl.trustStore=ssl/jssecacerts

Launched the application and it was able to communicate with SSL server
and the private CA cert.

Thanks to all who helped out.

david




As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2021 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.