× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. February 2021

Unable to assign Digital Certificate to Web Server with HTTP Server Administrator rc=ICS1003 *SOLVED*

** This is for the Archives and has been solved **

Recently I was poked that Frankeni.com was not using SSL. In order to fix that correctly I spun up a shiny new i 7.4 partition all current on PTFs. I copied the web site over, and used DCM to request a certificate. The returned certificate was loaded and I attempted to assign it to the server using the CLI. It kinda almost ran but pages weren't right etc. Very bizarre actually. WHen I removed the SSL from the site it worked perfectly.

SO I used the HTTP Server Administration web server to attempt to assign the certificate figuring that by editing the http.conf file I was getting something wrong. That process acted like it was going to work but after about 10 or so seconds it failed. At the bottom of the screen it presented a link to the log. In there, this:

...] 000005b SystemOut O CA number is: 3
...] 00000077 com.ibm.as400.httpsvr E Sign cert program failed with rc=ICS1003
...] 00000077 com.ibm.as400.httpsvr E taskConfigureSSLForNormal failed to sign certifacate splat.frankeni.com_2021 to application QIBM_HTTP_SERVER_FRANKENI1

(Note ...] was the date and time)

After a time I opened a Case with IBM. The particular agent I was working with was little help and had me do several things which were pointless and actually cluttered up DCM badly as well as creating additional unneeded web server instances. However in that process I noticed at one point, and unfortunately I can't remember where, a note about unable to access 'the stash.'

That was the memory trigger I needed. Immediately I viewed the lawyer system value, QRETSVRTSEC and realized it was still 0. RATS. I set it to 1.

I then attempted to assign the cert in the HTTP Server administrator and it failed again. OOPS! I logged into DCM, changed the *SYSTEM cert store password, returned to the HTTP Server administrator and away we go.

You can now see that the page is up in ssl:

https://www.frankeni.com/FrankenRules.html

As it works out the DCM password stash or some related bits to that were NOT being stored due to QRETSVRSEC being set to 0. Once that was corrected all is well. Note that normally this value will have been set to 1 due to some other requirement but being a shiny new partition with no other use than this I had not yet encountered a reason to set it to '1'.

The reason for changing the password AFTER setting this system value was to allow the stash to be updated and stored thus allowing the http admin server to access and correctly assign the cert.

- DrF


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.