<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Troubleshoot HTTP Server for iSeries problems" />
<meta name="DC.Relation" scheme="URI" content="rzahurzahu666dcmtroubleshooting.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzahu6ac-troublehttp" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Troubleshoot HTTP Server for iSeries problems</title>
</head>
<body id="rzahu6ac-troublehttp"><a name="rzahu6ac-troublehttp"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Troubleshoot HTTP Server for iSeries problems</h1>
<div><div class="section"><div class="p">
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" width="100%" frame="border" border="1" rules="all"><thead align="left"><tr><th valign="top" width="47.474747474747474%" id="d0e22"><span class="uicontrol">Problem</span></th>
<th valign="top" width="52.52525252525253%" id="d0e25"><span class="uicontrol">Possible Solution</span></th>
</tr>
</thead>
<tbody><tr><td valign="top" width="47.474747474747474%" headers="d0e22 ">Hypertext Transfer Protocol Secure (HTTPS) does not
work.</td>
<td valign="top" width="52.52525252525253%" headers="d0e25 ">Be sure the HTTP Server is configured correctly for
using SSL. In V5R1 or later versions the configuration file must have <span class="uicontrol">SSLAppName</span> set
by using the HTTP Server Administration interface. Also, the configuration
must have a virtual host configured that uses the SSL port, with <span class="uicontrol">SSL</span> set
to <span class="uicontrol">Enabled</span> for the virtual host. There must also be
two <span class="uicontrol">Listen</span> directives specifying two different ports,
one for SSL and the other not for SSL. These are set on the <span class="uicontrol">General
Settings</span> page. Be sure the server instance is created and the
server certificate is signed. </td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e22 ">The process for registering an HTTP Server instance
as a secure application needs clarification.</td>
<td valign="top" width="52.52525252525253%" headers="d0e25 ">On your system, go to the HTTP Server Administration
interface to set the configuration for your HTTP Server. You first must define
a virtual host to enable SSL. After you define a virtual host, you must specify
that the virtual host use the SSL port defined previously on the <span class="uicontrol">Listen</span> directive
(on the <span class="uicontrol">General Settings</span> page). Next, you must use the <span class="uicontrol">SSL
with Certificate Authentication</span> page under <span class="uicontrol">Security</span> to
enable SSL in the previously configured virtual host. All changes must be
applied to the configuration file. Note that registering your instance does
not automatically choose which certificates the instance will use. You must
use DCM to assign a specific certificate to your application before you try
to end and then restart your server instance. </td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e22 ">You are having difficulty setting up the HTTP Server
for validation lists and optional client authentication.</td>
<td valign="top" width="52.52525252525253%" headers="d0e25 ">See the <a href="../rzaie/rzaiemain.htm">HTTP Server for iSeries™</a> documentation for options
on setting up the instance. </td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e22 ">Netscape Communicator waits for the configuration directive
in the HTTP Server code to expire before allowing you to select a different
certificate.</td>
<td valign="top" width="52.52525252525253%" headers="d0e25 ">A large certificate value makes it hard to register
a second certificate since the browser is still using the first one.</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e22 ">You are trying to get the browser to present the X.509
certificate to the HTTP Server so that you can use the certificate as input
to the <a href="../apis/qsyaddvc.htm">QsyAddVldlCertificate</a> API.</td>
<td valign="top" width="52.52525252525253%" headers="d0e25 ">You must use <span class="uicontrol">SSLEnable</span> and <span class="uicontrol">SSLClientAuth
ON</span> in order to get the HTTP Server to load the HTTPS_CLIENT_CERTIFICATE
environment variable. You can locate information about these
APIs with the <a href="../apifinder/finder.htm">API
finder</a> topic in the Information Center. You may also want to look at
these validation list or certificate-related APIs: <ul><li>QsyListVldlCertificates and QSYLSTVC</li>
<li>QsyRemoveVldlCertificate and QRMVVC</li>
<li>QsyCheckVldlCertificate and QSYCHKVC</li>
<li>QsyParseCertificate and QSYPARSC, and so on.</li>
</ul>
</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e22 ">The HTTP Server takes too long to return, or times out
if you request a list of the certificates in the validation list and there
are more than 10,000 items.</td>
<td valign="top" width="52.52525252525253%" headers="d0e25 ">Create a batch job that looks for and deletes certificates
matching certain criteria, such as all those that have expired or are from
a certain CA.</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e22 ">The HTTP Server will not start successfully with <span class="uicontrol">SSL</span> set
to <span class="uicontrol">Enabled</span>, and error message <samp class="codeph">HTP8351</samp> appears
in the job log. The error log for the HTTP Server shows an error that SSL
Initialization operation failed with a return code error of <samp class="codeph">107</samp> when
the HTTP Server fails.</td>
<td valign="top" width="52.52525252525253%" headers="d0e25 ">Error <samp class="codeph">107</samp> means the certificate has
expired. Use DCM to assign a different certificate to the application; for
example, QIBM_HTTP_SERVER_MY_SERVER. If the server instance that is failing
to start is the *ADMIN server, then temporarily set <span class="uicontrol">SSL</span> to <span class="cmdname">Disabled</span> so
that you can use DCM on the *ADMIN server. Then use DCM to assign a different
certificate to the QIBM_HTTP_SERVER_ADMIN application and try setting <span class="uicontrol">SSL</span> to <span class="uicontrol">Enabled</span> again. </td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
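<div>
<p>The configuration checklist from the first two table rows, written as a check over the text of a configuration file. This is an added example, not IBM code or part of the original topic. The function names (check_ssl_config, _port), the constructed sample files, and the Apache-style layout with SSLEnable and SSLAppName inside a &lt;VirtualHost&gt; container are assumptions; the check does not cover the certificate assignment made in DCM.</p>
<pre><![CDATA[
```python
import re
# Constructed sample configuration (not from the page). Apache-style syntax and
# the placement of the directives inside <VirtualHost> are assumptions.
GOOD_CONF = """\
Listen 80
Listen 443
<VirtualHost *:443>
    SSLEnable
    SSLAppName QIBM_HTTP_SERVER_MY_SERVER
</VirtualHost>
"""
# The same file with the non-SSL Listen and the SSLEnable line removed.
BAD_CONF = GOOD_CONF.replace("Listen 80\n", "").replace("    SSLEnable\n", "")

def _port(addr):
    tail = addr.rsplit(":", 1)[-1]          # accepts 'port', 'host:port', '*:port'
    return int(tail) if tail.isdigit() else None

def check_ssl_config(text):
    """Return a list of findings; an empty list means the checklist passes."""
    listen, top, vhosts, scope = set(), {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            scope = {"ports": {_port(a) for a in opened.group(1).split()}, "d": {}}
            vhosts.append(scope)
        elif line.lower().startswith("</virtualhost"):
            scope = None
        else:
            name, arg = (line.split(None, 1) + [""])[:2]
            if name.lower() == "listen" and arg.split():
                listen.add(_port(arg.split()[0]))
            (top if scope is None else scope["d"])[name.lower()] = arg.strip()
    listen.discard(None)
    findings = []
    if len(listen) < 2:
        findings.append("need two Listen directives on different ports")
    ssl_vhosts = [v for v in vhosts if "sslenable" in v["d"]]
    if not ssl_vhosts:
        findings.append("no virtual host has SSL enabled (SSLEnable)")
    for v in ssl_vhosts:
        if not v["ports"] & listen:
            findings.append("SSL virtual host port is not on any Listen directive")
        if not (v["d"].get("sslappname") or top.get("sslappname")):
            findings.append("SSLAppName is not set")
    return findings
```
]]></pre>
</div>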
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahurzahu666dcmtroubleshooting.htm" title="Review this information to learn how to resolve some of the more common errors that you may experience when using DCM.">Troubleshoot DCM</a></div>
</div>
</div>
</body>
</html>