Jon...
Your question is really only tangentially related to HTTPAPI. HTTPAPI
uses i5/OS (or OS/400) to do the networking. This includes SSL, which
is provided by software called "Global Secure Toolkit" (GSKit for short)
that's included with i5/OS.
The problem is that your ordinary users (presumably those without
*ALLOBJ) don't have adequate authority to use the *SYSTEM security store.
Yes, it's true that this error surfaced when using HTTPAPI -- but if you
had tried to use another SSL application run by an ordinary user profile
(for example, running the FTP client in SSL mode) you would've had the
same error. It has to do with operating system configuration -- not
HTTPAPI itself.
The README member included with HTTPAPI includes instructions on how to
grant users access to the *SYSTEM certificate store. However, for your
convienience, I'll provide them here as well:
GRANTING ORDINARY USERS PERMISSION TO RUN SSL APPLICATIONS
---------------------------------------------------------------------
1) In order to give your users proper permissions to run apps
that use HTTPAPI/SSL you should give them access to the
*SYSTEM certificate store.
2) Open iSeries Navigator (or, Operations Navigator)
3) Click your iSeries connection, then "Users and Groups"
4) To grant access to a group profile, click "Groups"
To grant access to an individual user, click "All Users"
5) Choose the user profile that you'd like to grant access to,
right click on it, and choose "Properties"
6) Click the "Capabilities" button.
7) Select the "Applications" tab
8) Pull down the "Access for" list box, and select "host
applications"
9) Expand the "Digital Certificate Manager" and check the
box next to the "*SYSTEM certificate store"
Jon S wrote:
I am using Scott Klement's HTTP API to send HTTP posts over the
internet and when I run it, it works fine. When the average users
tries it they get an error stating "gsk_env_init: (GSKit) Access to
the key database is"
It appears to be an authority problem but I am stumped. Any ideas?
midrange.com
