Re: why HTTPTransportException in the IBM but not in Windows?
Posted: Wed Dec 04, 2024 6:58 pm
Hello everyone,
I’m facing a similar issue with making HTTPS requests from Visual LANSA on an IBM i system. I am using the LANSA Server as the "Client".
I’m using the #Request.DoGet (#Request is a #XPRIM_HttpRequest component) command in my Srvroutine to call an HTTPS endpoint.
The command works fine with HTTP, but when switching to HTTPS, I encounter the following error:
1. Testing on POSTMAN:
The same URL works fine in Postman without issues.
2. Importing Certificates into DCM:
I exported the server's CA certificate and imported it into the *SYSTEM certificate store using IBM i's Digital Certificate Manager (DCM).
3. Changing User authorization
I also gave *R access as well as OBJEXIST authority to these files:
/QIBM/UserData/ICSS/Cert/Server/DEFAULT.KDB
/QIBM/UserData/ICSS/Cert/Server/DEFAULT.RDB
but I still have the error.
The issue seems to be with IBM i not trusting the CA or some configuration mismatch.
How can I ensure I’m assigning the certificate to the correct application in DCM?
Is there a way to debug the GSKit or LANSA connection further to identify what’s missing?
Has anyone successfully resolved similar issues with HTTPS and Visual LANSA?
Thanks in advance for your help!
Romain
I’m facing a similar issue with making HTTPS requests from Visual LANSA on an IBM i system. I am using the LANSA Server as the "Client".
I’m using the #Request.DoGet (#Request is a #XPRIM_HttpRequest component) command in my Srvroutine to call an HTTPS endpoint.
The command works fine with HTTP, but when switching to HTTPS, I encounter the following error:
What I've Tried:Failed to send outgoing data to the server, HTTPTransportException: Cannot initialize a channel to the remote end.
Failed to establish SSL connection to server, the operation gsk_secure_soc_init() failed.
GSKit Error is 6000 - Certificate is not signed by a trusted certificate authority.
1. Testing on POSTMAN:
The same URL works fine in Postman without issues.
2. Importing Certificates into DCM:
I exported the server's CA certificate and imported it into the *SYSTEM certificate store using IBM i's Digital Certificate Manager (DCM).
3. Changing User authorization
I also gave *R access as well as OBJEXIST authority to these files:
/QIBM/UserData/ICSS/Cert/Server/DEFAULT.KDB
/QIBM/UserData/ICSS/Cert/Server/DEFAULT.RDB
but I still have the error.
The issue seems to be with IBM i not trusting the CA or some configuration mismatch.
How can I ensure I’m assigning the certificate to the correct application in DCM?
Is there a way to debug the GSKit or LANSA connection further to identify what’s missing?
Has anyone successfully resolved similar issues with HTTPS and Visual LANSA?
Thanks in advance for your help!
Romain