RE: HTTPS connections

Are you using an APPLICATION_ID in your SSL calls? If so, that is telling the software to use an identifying certificate on the SSL connections. Do not use the APPLICATION_ID and see if you can still connect.

Chris Bipes
Director of Information Services
CrossCheck, Inc.

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Rick Rauterkus
Sent: Thursday, July 1, 2021 5:24 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: HTTPS connections

The issue is not that we don't trust them. I can connect from my PC, but could not from the IBM i.

The sys admin had me send them our certificate which they imported into their system and now we can connect. Their concern though is when our certificate expires the connection will be broken again. So they would like us to not present a certificate when making the web service call.
Which Scott seems to be saying is normal.

So the question is, how do we not use a cert when we make the web service call? Or maybe the question is why are we presenting a cert when we are the client if the default behavior is not to? Is it the way the sys admin has something set up? If it is, I'm sure they will be reluctant to change it in fear that it would affect something else. Is there a way we can force it not to present a cert using HTTPAPI?

Based on the debug logs of other web service calls we do, it looks like we are always presenting a cert. I'm guessing most servers are just ignoring it. But for this connection, they have said if a cert is used, they will validate it. I guess we have just gotten lucky all these years.