I'm sure that bouncing Apache helps by ending all the existing server jobs. My current theory is that there's something in state, and the remote service changes something which makes my state invalid.
"Most likely the endpoint server updated their SSL certificate, or it expired." I'm pretty much convinced this is the issue. I submit hundreds of requests a day, generally without incident. Yesterday, everything was fine until right at 9am. We caught the problem in just a few minutes, bounced Apache and everything was back to normal.
Right now, I'm working on a method to auto-recover.
-----Original Message-----
From: Bradley Stone [mailto:bvstone@xxxxxxxxx]
Sent: Tuesday, September 18, 2018 10:16 AM
To: RPG programming on the IBM i / System i <rpg400-l@xxxxxxxxxxxx>
Subject: Re: HTTPAPI & revoked SSL cert
The apache server shouldn't have anything to do with HTTPAPI.
But, you may want to check:
1. You're on V7R2 or higher and have all the latest PTFs. If you're on
V7R1 or earlier, you may be running into the issue that the cipher used on the server SSL cert isn't available on your system. Only fix is to update your OS version.
2. You don't have any expired Certificates OR CAs in DCM. If so, remove them. I've seen this cause issues even if the Cert of CA has NOTHING to do with the application being used. *shrug*
3. Make sure you have either strict SSL turned off, or you've imported the CAs used by the server cert.
4. Hopefully the server certificate isn't expired. I've seen that happen to the best of them where they forget to renew (even with Google).
When errors just start happening like this, it's best to look at what has changed. Most likely the endpoint server updated their SSL certificate, or it expired.
I'm surprised there isn't more information in the error provided other than the cert was rejected.
Bradley V. Stone
www.bvstools.com
MAILTOOL Benefit #16 <
https://www.bvstools.com/mailtool.html>: No external "helper" PC system required. 100% IBM i native!
midrange.com
