Yes I followed the same steps.. but disable logic didn't work. Finally
admins were able to import the certificates correctly based on an input
from IBM they created a cert file.

The only change I had to do in my program before calling the function is
to add an environment variable like following.

Call the ADDENVVAR ENVVAR(IBM_JAVA_OPTIONS)
VALUE('-Djavax.net.ssl.trustStore=/mycertstore.jks') REPLACE(*YES) before
the HTTPPOSTCLOBVERBOSE UDF.


On Tue, Oct 16, 2018 at 2:43 AM Magne Kofoed <magne.kofoed@xxxxxxxxx> wrote:

How did you do the JVM hack?

Here is what i did with the JVM hack:
1. compile the java code to the ifs folder /QIBM/UserData/OS400/sqllib/fu
nction
First take the java code and create a file DisableSSL.java in this ifs
folder.
Then compile the java code:
qsh
cd /QIBM/UserData/OS400/sqllib/function
javac DisableSSL.java

2. create stored procedure by running this sql :
create procedure disableSSL() language java parameter style java external
name
'DisableSSL.go‘
3. put this rpg statement: exec sql call disableSSL(); before
httppostclob



Den man. 15. okt. 2018 kl. 23:50 skrev Mohammad Tanveer <surgum@xxxxxxxxx
:

I tried the JVM hack but that didn't work .. still getting same
certificate
path error.

On Mon, Oct 15, 2018 at 2:24 PM Arco Simonse <arco400@xxxxxxxxx> wrote:

So does this mean that the SQL HTTP functions do not honor CA
certificates
that are imported in DCM?

Regards,
-Arco

Op maandag 15 oktober 2018 heeft Magne Kofoed <magne.kofoed@xxxxxxxxx>
het
volgende geschreven:

Hi!

here is what I got from IBM and Scott Forstie when I asked him how to
solve
httppostclob and ssl problem.
I tried the "JVM Hack" and it works.

"For SSL to work, the client JVM needs to have a certificate for the
Certificate Authority that issued the certificate on the server.

....

§Or add the certificate for the issuing authority to the trust store
(or
the certificate from the server)

–Get certificate – You can get this from some web browsers (see next
slide)

–Add it to the trust store of the JVM in use

• keytool -import -trustcacerts -keystore
/QOpenSys/QIBM/ProdData/JavaVM/jdk60/32bit/jre/lib/security/cacerts
-storepass changeit -noprompt -alias z1235p1 -file /tmp/z1235p1.crt


–Warning: The cacerts file may be overwritten when Java ptfs are
applied,
so this step may need to be repeated often.


--
This is the RPG programming on the IBM i (AS/400 and iSeries)
(RPG400-L)
mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD
--
This is the RPG programming on the IBM i (AS/400 and iSeries) (RPG400-L)
mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD
--
This is the RPG programming on the IBM i (AS/400 and iSeries) (RPG400-L)
mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2020 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].