|
No, we are not using application IDs. We also are not calling https_init
at all, which if I interpret that correctly is the same as calling it with
blanks. So I am thinking our admins must have the system configured
somehow that it will present a cert even when we are acting as the client.
Which is why I am wondering if we can prevent that on a HTTPAPI call.
On Thu, Jul 1, 2021 at 9:27 AM Christopher Bipes <
chris.bipes@xxxxxxxxxxxxxxx> wrote:
Found this in the HTTPAPI example:telling
If you want to use client certificates, or configure which
certificate authorities your program trusts, you should always
register an application ID, and configure the settings manually
in the Digital Certificate Manager. (Most banks require this!)
If you don't need/want to set up individual settings for the
application, you can pass *BLANKS for the application ID, and
HTTPAPI will use the default settings for a client application
in the *SYSTEM certificate store (as below)
eval rc = https_init(*BLANKS)
Chris Bipes
Director of Information Services
CrossCheck, Inc.
-----Original Message-----
From: Christopher Bipes
Sent: Thursday, July 1, 2021 7:17 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx
Subject: RE: HTTPS connections
Are you using an APPLICATION_ID in your SSL calls? If so, that is
the software to use an identifying certificate on the SSL connections.Do
not use the APPLICATION_ID and see if you can still connect.admin
Chris Bipes
Director of Information Services
CrossCheck, Inc.
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Rick Rauterkus
Sent: Thursday, July 1, 2021 5:24 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx
Subject: Re: HTTPS connections
The issue is not that we don't trust them. I can connect from my PC, but
could not from the IBM i.
The sys admin had me send them our certificate which they imported into
their system and now we can connect. Their concern though is when our
certificate expires the connection will be broken again. So they would
like us to not present a certificate when making the web service call.
Which Scott seems to be saying is normal.
So the question is, how do we not use a cert when we make the web service
call? Or maybe the question is why are we presenting a cert when we are
the client if the default behavior is not to? Is it the way the sys
has something set up? If it is, I'm sure they will be reluctant tochange
it in fear that it would affect something else. Is there a way we canwe
force it not to present a cert using HTTPAPI?
Based on the debug logs of other web service calls we do, it looks like
are always presenting a cert. I'm guessing most servers are justignoring
it. But for this connection, they have said if a cert is used, they willlist
validate it. I guess we have just gotten lucky all these years.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx--
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.