|
Ok , i did also import the certificate and it works fine.
But the first httppostclob will start the jvm and this takes a while.
So i think i will have to put the httppostclob in a dtaq job that has the
jvm running all the time.
Den ons. 17. okt. 2018, 21:15 skrev Mohammad Tanveer <surgum@xxxxxxxxx>:
Yes I followed the same steps.. but disable logic didn't work. Finally/QIBM/UserData/OS400/sqllib/fu
admins were able to import the certificates correctly based on an input
from IBM they created a cert file.
The only change I had to do in my program before calling the function is
to add an environment variable like following.
Call the ADDENVVAR ENVVAR(IBM_JAVA_OPTIONS)
VALUE('-Djavax.net.ssl.trustStore=/mycertstore.jks') REPLACE(*YES) before
the HTTPPOSTCLOBVERBOSE UDF.
On Tue, Oct 16, 2018 at 2:43 AM Magne Kofoed <magne.kofoed@xxxxxxxxx>
wrote:
How did you do the JVM hack?
Here is what i did with the JVM hack:
1. compile the java code to the ifs folder
externalnction
First take the java code and create a file DisableSSL.java in this ifs
folder.
Then compile the java code:
qsh
cd /QIBM/UserData/OS400/sqllib/function
javac DisableSSL.java
2. create stored procedure by running this sql :
create procedure disableSSL() language java parameter style java
hownamesurgum@xxxxxxxxx
'DisableSSL.go‘
3. put this rpg statement: exec sql call disableSSL(); before
httppostclob
Den man. 15. okt. 2018 kl. 23:50 skrev Mohammad Tanveer <
wrote::
I tried the JVM hack but that didn't work .. still getting samecertificate
path error.
On Mon, Oct 15, 2018 at 2:24 PM Arco Simonse <arco400@xxxxxxxxx>
magne.kofoed@xxxxxxxxx>
So does this mean that the SQL HTTP functions do not honor CAcertificates
that are imported in DCM?
Regards,
-Arco
Op maandag 15 oktober 2018 heeft Magne Kofoed <
het
volgende geschreven:
Hi!
here is what I got from IBM and Scott Forstie when I asked him
to/QOpenSys/QIBM/ProdData/JavaVM/jdk60/32bit/jre/lib/security/cacerts
thesolve
httppostclob and ssl problem.
I tried the "JVM Hack" and it works.
"For SSL to work, the client JVM needs to have a certificate for
storeCertificate Authority that issued the certificate on the server.
....
§Or add the certificate for the issuing authority to the trust
next(or
the certificate from the server)
–Get certificate – You can get this from some web browsers (see
slide)
–
–Add it to the trust store of the JVM in use
• keytool -import -trustcacerts -keystore
/tmp/z1235p1.crt-storepass changeit -noprompt -alias z1235p1 -file
affiliateaffiliate(RPG400-L)•applied,
–Warning: The cacerts file may be overwritten when Java ptfs are
so this step may need to be repeated often.--
This is the RPG programming on the IBM i (AS/400 and iSeries)
mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our
(RPG400-L)link: http://amzn.to/2dEadiD--
This is the RPG programming on the IBM i (AS/400 and iSeries)
mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our
(RPG400-L)link: http://amzn.to/2dEadiD--
This is the RPG programming on the IBM i (AS/400 and iSeries)
--mailing list--
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD
This is the RPG programming on the IBM i (AS/400 and iSeries) (RPG400-L)
mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD
This is the RPG programming on the IBM i (AS/400 and iSeries) (RPG400-L)
mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
