× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. November 2016

RE: Connecting to web using TLS

Hi everyone
It's been a while - since there was any movement on this subject, but I wanted to bring everyone up to date, in case someone else has this type of problem
Brad contacted me off this thread and was EXTREMLY helpful in helping me achieve my goal
What he wrote below is exactly what is needed
I can now communicate with the web page


Alan Shore
E-mail : ASHORE@xxxxxxxx
Phone [O] : (631) 200-5019
Phone [C] : (631) 880-8640
'If you're going through hell, keep going.'
Winston Churchill

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Bradley Stone
Sent: Thursday, October 27, 2016 4:42 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Subject: Re: Connecting to web using TLS

Most SSL Certificates are signed by more than one entity. The multiple entities are know as the CA Chain.

If you see the SSL documentation on this page:
http://docs.bvstools.com/home/ssl-documentation/exporting-certificate-authorities-cas-from-a-website

You'll see the paypal.com certificate has 2 CAs in the "chain". Verisign and Verisign Class 3......

When importing them you need to do it one at a time. But before that you need to export them from the certificate one at a time. That's something I normally do for customers since it's a lot quicker for me to do it than not. :)

Then I send them to the customer and point them to the instructions on how to import them here:
http://docs.bvstools.com/home/ssl-documentation/importing-a-certificate-authority-ca

Brad
www.bvstools.com

On Thu, Oct 27, 2016 at 3:27 PM, Alan Shore <ashore@xxxxxxxx> wrote:

Hi Brad
The error I am receiving is
Error performing SSL handshake. There is no error. RC(23) errno().
And what do you mean with
You do need to load the CA chain for most applications when you're the
client.
CA chain?

Alan Shore
E-mail : ASHORE@xxxxxxxx
Phone [O] : (631) 200-5019
Phone [C] : (631) 880-8640
'If you're going through hell, keep going.'
Winston Churchill


-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Bradley Stone
Sent: Thursday, October 27, 2016 8:20 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Subject: Re: Connecting to web using TLS

Alan,

What error codes are you receiving.

You do need to load the CA chain for most applications when you're the
client. IBM doesn't automatically put anything but the most basic in
the *SYSTEM store when it's created.

Brad
www.bvstools.com

On Thu, Oct 27, 2016 at 1:51 PM, Alan Shore <ashore@xxxxxxxx> wrote:

Thanks for your reply Peter
We are using Krengel Tech RPG-XML Suite and have had no problems
with web service calls what so ever For this new company, I have
created a proof of concept program (read - quick, with no bells and
whistles) and I seem to be connecting, but the error code that I am
receiving says that I need to load a certificate onto the AS/400
However - they say I don't need to load a certificate but to use TLS
protocol

quote
When we receive a request, we check the level of encryption. We
allow merchants to connect to us only in secure https mode using TLS
protocols and we strongly recommend to use the most recent and
secure versions which are currently TLS 1.1 and 1.2.
Endquote

We followed the instructions from the web site I included below -
stopped and started all the INBNDSRVR jobs - but still receive the
same error code

Alan Shore
E-mail : ASHORE@xxxxxxxx
Phone [O] : (631) 200-5019
Phone [C] : (631) 880-8640
'If you're going through hell, keep going.'
Winston Churchill


-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf
Of Peter Connell
Sent: Thursday, October 27, 2016 2:39 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Subject: RE: Connecting to web using TLS

Alan,

We've been having trouble with web service calls to some data
providers who now support only TLS protocols.
My impression is that there appear to be issues with the limited
number of cipher suites supported by IBM i5 so a successful
handshake using IBM legacy or GSK APIs may depend on the ciphers
that the provider supports but I'm not certain of this.
I've found that using a simple java program (complied at JDK7) to do
the actual connection works fine since JDK70 supports a wider range
of
ciphers.
Connecting using curl via a PHP script also seems to work.

Cheers, Peter

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf
Of Alan Shore
Sent: Friday, 28 October 2016 6:55 AM
To: midrange-l@xxxxxxxxxxxx
Subject: Connecting to web using TLS

Hi everyone
Before I forget, we are on V7r1 (finally) I have been asked to place
web service calls but need to use TLS protocols - Quote When we
receive a request, we check the level of encryption. We allow
merchants to connect to us only in secure https mode using TLS
protocols and we strongly recommend to use the most recent and
secure versions which are currently TLS 1.1 and 1.2.

endquote

I have searched the web, and the only thing I can find is the
following web page

http://www-01.ibm.com/support/docview.wss?uid=nas8N1019971

Does anyone have any other instructions?
Just trying to cover all bases



Alan Shore
E-mail : ASHORE@xxxxxxxx
Phone [O] : (631) 200-5019
Phone [C] : (631) 880-8640
'If you're going through hell, keep going.'
Winston Churchill

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please
take a moment to review the archives at http://archive.midrange.com/
midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.


##############################################################
This correspondence is for the named person's use only. It may
contain confidential or legally privileged information, or both. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this correspondence in error, please immediately
delete it from your system and notify the sender. You must not
disclose, copy or rely on any part of this correspondence if you are
not the intended recipient. Any views expressed in this message are
those of the individual sender, except where the sender expressly,
and with authority, states them to be the views of Veda. If you need
assistance, please contact Veda :- Australia http://www.veda.com.au/
contact-us New Zealand http://www.veda.co.nz/contact-veda
##############################################################

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please
take a moment to review the archives at http://archive.midrange.com/
midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please
take a moment to review the archives at
http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related questions.


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.