<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Troubleshoot HTTP Server for iSeries problems" />
<meta name="DC.Relation" scheme="URI" content="rzahurzahu666dcmtroubleshooting.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzahu6ac-troublehttp" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Troubleshoot HTTP Server for iSeries problems</title>
</head>
<body id="rzahu6ac-troublehttp"><a name="rzahu6ac-troublehttp"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Troubleshoot HTTP Server for iSeries problems</h1>
<div><div class="section"><div class="p">
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" width="100%" frame="border" border="1" rules="all"><thead align="left"><tr><th valign="top" width="47.474747474747474%" id="d0e22"><span class="uicontrol">Problem</span></th>
<th valign="top" width="52.52525252525253%" id="d0e25"><span class="uicontrol">Possible Solution</span></th>
</tr>
</thead>
<tbody><tr><td valign="top" width="47.474747474747474%" headers="d0e22 ">Hypertext Transfer Protocol Secure (HTTPS) does not
work.</td>
<td valign="top" width="52.52525252525253%" headers="d0e25 ">Be sure the HTTP Server is configured correctly for
using SSL. In V5R1 or later versions the configuration file must have <span class="uicontrol">SSLAppName</span> set
by using the HTTP Server Administration interface. Also, the configuration
must have a virtual host configured that uses the SSL port, with <span class="uicontrol">SSL</span> set
to <span class="uicontrol">Enabled</span> for the virtual host. There must also be
two <span class="uicontrol">Listen</span> directives specifying two different ports,
one for SSL and the other not for SSL. These are set on the <span class="uicontrol">General
Settings</span> page. Be sure the server instance is created and the
server certificate is signed. </td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e22 ">The process for registering an HTTP Server instance
as a secure application needs clarification.</td>
<td valign="top" width="52.52525252525253%" headers="d0e25 ">On your system, go to the HTTP Server Administration
interface to set the configuration for your HTTP Server. You first must define
a virtual host to enable SSL. After you define a virtual host, you must specify
that the virtual host use the SSL port defined previously on the <span class="uicontrol">Listen</span> directive
(on the <span class="uicontrol">General Settings</span> page). Next, you must use the <span class="uicontrol">SSL
with Certificate Authentication</span> page under <span class="uicontrol">Security</span> to
enable SSL in the previously configured virtual host. All changes must be
applied to the configuration file. Note that registering your instance does
not automatically choose which certificates the instance will use. You must
use DCM to assign a specific certificate to your application before you try
to end and then restart your server instance. </td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e22 ">You are having difficulty setting up the HTTP Server
for validation lists and optional client authentication.</td>
<td valign="top" width="52.52525252525253%" headers="d0e25 ">See the <a href="../rzaie/rzaiemain.htm">HTTP Server for iSeries™</a> documentation for options
on setting up the instance. </td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e22 ">Netscape Communicator waits for the configuration directive
in the HTTP Server code to expire before allowing you to select a different
certificate.</td>
<td valign="top" width="52.52525252525253%" headers="d0e25 ">A large certificate value makes it hard to register
a second certificate since the browser is still using the first one.</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e22 ">You are trying to get the browser to present the X.509
certificate to the HTTP Server so that you can use the certificate as input
to the <a href="../apis/qsyaddvc.htm">QsyAddVldlCertificate</a> API.</td>
<td valign="top" width="52.52525252525253%" headers="d0e25 ">You must use <span class="uicontrol">SSLEnable</span> and <span class="uicontrol">SSLClientAuth
ON</span> in order to get the HTTP Server to load the HTTPS_CLIENT_CERTIFICATE
environment variable. You can locate information about these
APIs with the <a href="../apifinder/finder.htm">API
finder</a> topic in the Information Center. You may also want to look at
these validation list or certificate-related APIs: <ul><li>QsyListVldlCertificates and QSYLSTVC</li>
<li>QsyRemoveVldlCertificate and QSYRMVVC</li>
<li>QsyCheckVldlCertificate and QSYCHKVC</li>
<li>QsyParseCertificate and QSYPARSC, and so on.</li>
</ul>
</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e22 ">The HTTP Server takes too long to return, or times out
if you request a list of the certificates in the validation list and there
are more than 10,000 items.</td>
<td valign="top" width="52.52525252525253%" headers="d0e25 ">Create a batch job that looks for and deletes certificates
matching certain criteria, such as all those that have expired or are from
a certain CA.</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e22 ">The HTTP Server will not start successfully with <span class="uicontrol">SSL</span> set
to <span class="uicontrol">Enabled</span>, and error message <samp class="codeph">HTP8351</samp> appears
in the job log. The error log for the HTTP Server shows an error that SSL
Initialization operation failed with a return code error of <samp class="codeph">107</samp> when
the HTTP Server fails.</td>
<td valign="top" width="52.52525252525253%" headers="d0e25 ">Error <samp class="codeph">107</samp> means the certificate has
expired. Use DCM to assign a different certificate to the application; for
example, QIBM_HTTP_SERVER_MY_SERVER. If the server instance that is failing
to start is the *ADMIN server, then temporarily set <span class="uicontrol">SSL</span> to <span class="cmdname">Disabled</span> so
that you can use DCM on the *ADMIN server. Then use DCM to assign a different
certificate to the QIBM_HTTP_SERVER_ADMIN application and try setting <span class="uicontrol">SSL</span> to <span class="uicontrol">Enabled</span> again. </td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
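<p>An added example, not part of the IBM documentation: a small checker for the HTTPS checklist in the first row of the table (two Listen directives on different ports, a virtual host on the SSL port with SSL enabled, and SSLAppName set). It assumes an Apache-style configuration file in which the SSL setting appears as the SSLEnable directive; the sample configurations and the function names are constructed for illustration.</p>

```python
import re
# Constructed sample configs. The Apache-style layout is an assumption; the
# directive names Listen, SSLEnable and SSLAppName are the ones the page uses.
BROKEN = """Listen *:80
<VirtualHost *:443>
  SSLEnable
</VirtualHost>
"""
FIXED = """Listen *:80
Listen *:443
<VirtualHost *:443>
  SSLEnable
  SSLAppName QIBM_HTTP_SERVER_MY_SERVER
</VirtualHost>
"""

def port_of(addr):
    """Port part of '*:443', 'host:443' or a bare '443'."""
    return addr.rsplit(":", 1)[-1]

def check_ssl_config(text):
    """List what is missing from the checklist in the table's first row."""
    listen, vhosts, scope = set(), [], {}
    server = scope                      # directives outside any virtual host
    for line in (l.strip() for l in text.splitlines()):
        opened = re.match(r"<VirtualHost\s+([^>\s]+)", line, re.I)
        if opened:
            scope = {"_port": port_of(opened.group(1))}
            vhosts.append(scope)
        elif line.lower().startswith("</virtualhost"):
            scope = server
        elif line and not line.startswith("#"):
            name, _, value = line.partition(" ")
            if name.lower() == "listen":
                listen.add(port_of(value.strip()))
            else:
                scope[name.lower()] = value.strip()
    problems = []
    if len(listen) < 2:
        problems.append("need two Listen directives on different ports")
    ssl_hosts = [v for v in vhosts if "sslenable" in v]
    if not ssl_hosts:
        problems.append("no virtual host has SSL enabled")
    for v in ssl_hosts:
        if v["_port"] not in listen:
            problems.append("no Listen directive for SSL port " + v["_port"])
        if not (v.get("sslappname") or server.get("sslappname")):
            problems.append("SSLAppName is not set")
    return problems
```

<p>An empty list from <samp class="codeph">check_ssl_config</samp> means the file passes the checklist; it does not confirm that DCM has a valid, unexpired certificate assigned to the application.</p>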
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahurzahu666dcmtroubleshooting.htm" title="Review this information to learn how to resolve some of the more common errors that you may experience when using DCM.">Troubleshoot DCM</a></div>
</div>
</div>
</body>
</html>