Hi Richard:
We has some problems last year with something similar.
I ran it through ChatGPT and think what is shared here makes sense
You're running into SSL certificate issues with httpclob on IBM i V7R2, which makes sense given that V7R2 is quite old and lacks many modern SSL/TLS enhancements, including looser or configurable validation like sslTolerate:true found in newer versions.
Here’s what you need to know:
🔐 sslTolerate:true and IBM i V7R2
-
The sslTolerate:true option is not officially supported on IBM i V7R2.
-
This parameter was introduced or became more reliable in later versions like V7R4 and especially V7R5, where more flexible SSL options were added to support modern APIs and certificates (like Let’s Encrypt, etc.).
-
On V7R2, the HTTP APIs (like httpclob) tend to strictly enforce SSL validation, and you cannot bypass it directly with parameters like sslTolerate.
✅ Workarounds You Might Try
-
Use HTTP instead of HTTPS (if available)
If the test server or API supports non-SSL endpoints (http://), use that temporarily while testing on V7R2.
-
Trust the certificate manually
You can import the SSL certificate into the Digital Certificate Manager (DCM) on the V7R2 system.
-
Go to DCM (GO DCM)
-
Select option to Import Certificate Authority (CA) or Server Certificate
-
Assign it to the IBM HTTP Client application (or equivalent)
-
This allows your system to trust the certificate without bypassing validation.
-
Use a proxy tool
If you can, run a proxy like Charles Proxy or Fiddler, which can downgrade the SSL, or better yet, configure a middleman proxy on a newer system that accepts the call from the IBM i V7R2 box and forwards it with modern TLS.
-
Use curl or QSH workaround
Use the QShell curl command (if installed) with -k or --insecure to bypass SSL validation:
shCopyEditcurl -k
https://your-api-url
You could run that from QSH and grab the output as a workaround for quick testing.
🧠 Tip:
IBM i V7R2 went out of support some time ago, so even SSL/TLS support is stuck at TLS 1.0/1.1 depending on patches. Many modern APIs require TLS 1.2 or 1.3, so even if you bypass cert validation, the cipher mismatch could still fail the connection.
💡 Summary
-
sslTolerate:true won't help you on V7R2.
-
Try using non-SSL, importing certs into DCM, or using QShell curl with --insecure.
-
Given that the customer is upgrading in 2 weeks, it may be best to just focus on staging your integration for V7R5, unless testing is absolutely critical now.
Let me know if you want help with the DCM steps or QShell script!
Hopefully this will help.Regards,Laura
Laura A. UbelhorPresidentConsultech Services, Inc.www.consultechservicesinc.com
phone 248-701-7410
On Monday, April 14, 2025 at 11:25:59 AM EDT, Richard Schoen <richard@xxxxxxxxxxxxxxxxx> wrote:
Hi All,
We are implementing some API calls for a customer and it works find on V7R5, but get cert errors on V7R2.
Does anyone know if the sslTolerate:true option works for httpclob on V7R2 or if there's a way to temporarily bypass the validation while we test ?
Customer is upgrading in 2 weeks so not life or death, but curious if we can get this to work on their system prior to the upgrade.
Thanks in advance.
Regards,
Richard Schoen
Web:
http://www.richardschoen.net
Email: richard@xxxxxxxxxxxxxxxxx<mailto:richard@xxxxxxxxxxxxxxxxx>
midrange.com
