Or start the jvm whenever the job starts.. or user logs in.. its a one time
overhead.. not a big issue ..

On Wed, Oct 17, 2018 at 4:44 PM Magne Kofoed <magne.kofoed@xxxxxxxxx> wrote:

Ok , i did also import the certificate and it works fine.

But the first httppostclob will start the jvm and this takes a while.

So i think i will have to put the httppostclob in a dtaq job that has the
jvm running all the time.


Den ons. 17. okt. 2018, 21:15 skrev Mohammad Tanveer <surgum@xxxxxxxxx>:

Yes I followed the same steps.. but disable logic didn't work. Finally
admins were able to import the certificates correctly based on an input
from IBM they created a cert file.

The only change I had to do in my program before calling the function is
to add an environment variable like following.

Call the ADDENVVAR ENVVAR(IBM_JAVA_OPTIONS)
VALUE('-Djavax.net.ssl.trustStore=/mycertstore.jks') REPLACE(*YES) before
the HTTPPOSTCLOBVERBOSE UDF.


On Tue, Oct 16, 2018 at 2:43 AM Magne Kofoed <magne.kofoed@xxxxxxxxx>
wrote:

How did you do the JVM hack?

Here is what i did with the JVM hack:
1. compile the java code to the ifs folder
/QIBM/UserData/OS400/sqllib/fu
nction
First take the java code and create a file DisableSSL.java in this ifs
folder.
Then compile the java code:
qsh
cd /QIBM/UserData/OS400/sqllib/function
javac DisableSSL.java

2. create stored procedure by running this sql :
create procedure disableSSL() language java parameter style java
external
name
'DisableSSL.go‘
3. put this rpg statement: exec sql call disableSSL(); before
httppostclob



Den man. 15. okt. 2018 kl. 23:50 skrev Mohammad Tanveer <
surgum@xxxxxxxxx
:

I tried the JVM hack but that didn't work .. still getting same
certificate
path error.

On Mon, Oct 15, 2018 at 2:24 PM Arco Simonse <arco400@xxxxxxxxx>
wrote:

So does this mean that the SQL HTTP functions do not honor CA
certificates
that are imported in DCM?

Regards,
-Arco

Op maandag 15 oktober 2018 heeft Magne Kofoed <
magne.kofoed@xxxxxxxxx>
het
volgende geschreven:

Hi!

here is what I got from IBM and Scott Forstie when I asked him
how
to
solve
httppostclob and ssl problem.
I tried the "JVM Hack" and it works.

"For SSL to work, the client JVM needs to have a certificate for
the
Certificate Authority that issued the certificate on the server.

....

§Or add the certificate for the issuing authority to the trust
store
(or
the certificate from the server)

–Get certificate – You can get this from some web browsers (see
next
slide)

–Add it to the trust store of the JVM in use

• keytool -import -trustcacerts -keystore

/QOpenSys/QIBM/ProdData/JavaVM/jdk60/32bit/jre/lib/security/cacerts
-storepass changeit -noprompt -alias z1235p1 -file
/tmp/z1235p1.crt


–Warning: The cacerts file may be overwritten when Java ptfs are
applied,
so this step may need to be repeated often.


--
This is the RPG programming on the IBM i (AS/400 and iSeries)
(RPG400-L)
mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our
affiliate
link: http://amzn.to/2dEadiD
--
This is the RPG programming on the IBM i (AS/400 and iSeries)
(RPG400-L)
mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our
affiliate
link: http://amzn.to/2dEadiD
--
This is the RPG programming on the IBM i (AS/400 and iSeries)
(RPG400-L)
mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD
--
This is the RPG programming on the IBM i (AS/400 and iSeries) (RPG400-L)
mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD
--
This is the RPG programming on the IBM i (AS/400 and iSeries) (RPG400-L)
mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].