× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. November 2007

RE: HTTP API Error

If this is for the SSL *SYSTEM store, directory needs at least *RX
authority, and all files in the dir need at least *R authority.

I have the same info in my FAQ for GETURI at
www.bvstools.com/docs/geturi/faq.html.

The complete path is listed there that needs authority.

I'm making a GETURI request that uses SSL and receiving an authority error
like "Error during initializing SSL. Permission Denied. RC(10) errno(3401)".
What do I need to do to fix this?

This is because the user that is making the request does not have the proper
authorities to the SSL keyring files and/or directory that are located in
the IFS. The keyring files (on most systems) can be found by using the
following command:

WRKLNK '/QIBM/UserData/ICSS/Cert/Server/*'

Bradley V. Stone
BVSTools - www.bvstools.com
eRPG SDK - www.erpgsdk.com

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx]On Behalf Of Jon S
Sent: Tuesday, November 27, 2007 9:27 AM
To: midrange-l@xxxxxxxxxxxx
Subject: Re: HTTP API Error



Scott,

I had a person onsite grant authority for a group profile that
all of the CSR's were under and I did verify remotely that they
are setup correctly, but we are still getting the same error. Is
there a a service or something that needs to be restarted for the
changes to take effect? Any help is appreciated.

Thanks, Jon> Date: Mon, 19 Nov 2007 15:30:43 -0600> From:
midrange-l@xxxxxxxxxxxxxxxx> To: midrange-l@xxxxxxxxxxxx>
Subject: Re: HTTP API Error> > Jon...> > Your question is really
only tangentially related to HTTPAPI. HTTPAPI > uses i5/OS (or
OS/400) to do the networking. This includes SSL, which > is
provided by software called "Global Secure Toolkit" (GSKit for
short) > that's included with i5/OS.> > The problem is that your
ordinary users (presumably those without > *ALLOBJ) don't have
adequate authority to use the *SYSTEM security store.> > Yes,
it's true that this error surfaced when using HTTPAPI -- but if
you > had tried to use another SSL application run by an ordinary
user profile > (for example, running the FTP client in SSL mode)
you would've had the > same error. It has to do with operating
system configuration -- not > HTTPAPI itself.> > The README
member included with HTTPAPI includes instructions on how to >
grant users access to the *SYSTEM certificate store. However, for
your > convienience, I'll provide them here as well:> > >
GRANTING ORDINARY USERS PERMISSION TO RUN SSL APPLICATIONS>
------------------------------------------------------------------
---> 1) In order to give your users proper permissions to run
apps> that use HTTPAPI/SSL you should give them access to the>
*SYSTEM certificate store.> > 2) Open iSeries Navigator (or,
Operations Navigator)> > 3) Click your iSeries connection, then
"Users and Groups"> > 4) To grant access to a group profile,
click "Groups"> To grant access to an individual user, click "All
Users"> > 5) Choose the user profile that you'd like to grant
access to,> right click on it, and choose "Properties"> > 6)
Click the "Capabilities" button.> > 7) Select the "Applications"
tab> > 8) Pull down the "Access for" list box, and select "host>
applications"> > 9) Expand the "Digital Certificate Manager" and
check the> box next to the "*SYSTEM certificate store"> > > > > >
Jon S wrote:> > I am using Scott Klement's HTTP API to send
HTTP posts over the> > internet and when I run it, it works fine.
When the average users> > tries it they get an error stating
"gsk_env_init: (GSKit) Access to> > the key database is"> > > >
It appears to be an authority problem but I am stumped. Any
ideas?> > > > -- > This is the Midrange Systems Technical
Discussion (MIDRANGE-L) mailing list> To post a message email:
MIDRANGE-L@xxxxxxxxxxxx> To subscribe, unsubscribe, or change
list options,> visit:
http://lists.midrange.com/mailman/listinfo/midrange-l> or email:
MIDRANGE-L-request@xxxxxxxxxxxx> Before posting, please take a moment to
review the archives> at http://archive.midrange.com/midrange-l.>



Share life as it happens with the new Windows Live. Share now!

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.