× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. RPG400-L
  3. September 2018

RE: HTTPAPI & revoked SSL cert

Let me try and clarify what I meant by "I have a CGI webservice that uses the HTTPAPI utility to make HTTPS calls to an outside vendor".

I have an RPGLE program that is called as a CGI program running on an IBMi Apache server. That RPGLE program calls a service program, and that service program uses HTTPAPI to access a 3rd party webservice over the internet.


My theory, based mostly on speculation, is that HTTPAPI remains active in a given job running in QHTTPSVR. Something changes with the certificate on the remote end, but the already running CGI jobs have something still in memory which causes the error. By bouncing Apache, all the CGI jobs are ended and the new jobs start with a clean slate.




From: Justin Taylor
Sent: Tuesday, September 18, 2018 9:37 AM
To: 'RPG programming on the IBM i (AS/400 and iSeries)' <rpg400-l@xxxxxxxxxxxx>
Subject: HTTPAPI & revoked SSL cert

I have a CGI webservice that uses the HTTPAPI utility to make HTTPS calls to an outside vendor. It makes a few hundred calls a day and has been in production for a couple of years. Twice in the past week it's started throwing certificate errors and continued to do so until we bounced the Apache server. I wasn't in the office when the issues occurred, so I'm limited on what data I have.

I'm working on an automatic, and less drastic, work-around than bouncing Apache. My RPG CGI program runs in a named activation group and doesn't set on LR. The HTTPAPI call is in a service program that runs in *CALLER. I'm wondering if it would help to run my service program in a named activation group. That way, when an error occurs the calling RPG could reclaim that named activation group. Of course, I don't know if that would help. I'm just speculating that something within HTTPAPI is staying in memory.

Any thoughts?


From Library : LIBHTTP
From Program : HTTPAPIR4
From Line : *STMT
To Library : LIBHTTP
To Program : HTTPAPIR4
To Line : *STMT

From user . . . . . . . . . : USER
From module . . . . . . . . : HTTPUTILR4
From procedure . . . . . . : UTIL_DIAG
Statement . . . . . . . . . : 4810
To module . . . . . . . . . : COMMSSLR4
To procedure . . . . . . . : SSL_ERROR
Statement . . . . . . . . . : 7142
Thread . . . . : 00000002

(GSKit) Certificate was rejected by the application
supplied exit program or certificate being validated by SSL processing was
revoked.

Cause . . . . . : No additional online help information is available.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.