× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. RPG400-L
  3. September 2018

Re: HTTPAPI & revoked SSL cert

The apache server shouldn't have anything to do with HTTPAPI.

But, you may want to check:

1. You're on V7R2 or higher and have all the latest PTFs. If you're on
V7R1 or earlier, you may be running into the issue that the cipher used on
the server SSL cert isn't available on your system. Only fix is to update
your OS version.

2. You don't have any expired Certificates OR CAs in DCM. If so, remove
them. I've seen this cause issues even if the Cert of CA has NOTHING to do
with the application being used. *shrug*

3. Make sure you have either strict SSL turned off, or you've imported the
CAs used by the server cert.

4. Hopefully the server certificate isn't expired. I've seen that happen
to the best of them where they forget to renew (even with Google).

When errors just start happening like this, it's best to look at what has
changed. Most likely the endpoint server updated their SSL certificate, or
it expired.

I'm surprised there isn't more information in the error provided other than
the cert was rejected.

Bradley V. Stone
www.bvstools.com
MAILTOOL Benefit #16 <https://www.bvstools.com/mailtool.html>: No external
"helper" PC system required. 100% IBM i native!

On Tue, Sep 18, 2018 at 9:37 AM Justin Taylor <JUSTIN@xxxxxxxxxxxxx> wrote:

I have a CGI webservice that uses the HTTPAPI utility to make HTTPS calls
to an outside vendor. It makes a few hundred calls a day and has been in
production for a couple of years. Twice in the past week it's started
throwing certificate errors and continued to do so until we bounced the
Apache server. I wasn't in the office when the issues occurred, so I'm
limited on what data I have.

I'm working on an automatic, and less drastic, work-around than bouncing
Apache. My RPG CGI program runs in a named activation group and doesn't
set on LR. The HTTPAPI call is in a service program that runs in *CALLER.
I'm wondering if it would help to run my service program in a named
activation group. That way, when an error occurs the calling RPG could
reclaim that named activation group. Of course, I don't know if that would
help. I'm just speculating that something within HTTPAPI is staying in
memory.

Any thoughts?


From Library : LIBHTTP
From Program : HTTPAPIR4
From Line : *STMT
To Library : LIBHTTP
To Program : HTTPAPIR4
To Line : *STMT
From user . . . . . . . . . : USER
From module . . . . . . . . : HTTPUTILR4
From procedure . . . . . . : UTIL_DIAG
Statement . . . . . . . . . : 4810
To module . . . . . . . . . : COMMSSLR4
To procedure . . . . . . . : SSL_ERROR
Statement . . . . . . . . . : 7142
Thread . . . . : 00000002

(GSKit) Certificate was rejected by the application
supplied exit program or certificate being validated by SSL processing was
revoked.
Cause . . . . . : No additional online help information is available.
--
This is the RPG programming on the IBM i (AS/400 and iSeries) (RPG400-L)
mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.