Hypertext Transfer Protocol Secure (HTTPS) does not
work. |
Be sure the HTTP Server is configured correctly for
using SSL. In V5R1 or later versions the configuration file must have SSLAppName set
by using the HTTP Server Administration interface. Also, the configuration
must have a virtual host configured that uses the SSL port, with SSL set
to Enabled for the virtual host. There must also be
two Listen directives specifying two different ports,
one for SSL and the other not for SSL. These are set on the General
Settings page. Be sure the server instance is created and the
server certificate is signed. |
The process for registering an HTTP Server instance
as a secure application needs clarification. |
On your system, go to the HTTP Server Administration
interface to set the configuration for your HTTP Server. You first must define
a virtual host to enable SSL. After you define a virtual host, you must specify
that the virtual host use the SSL port defined previously on the Listen directive
(on the General Settings page). Next, you must use the SSL
with Certificate Authentication page under Security to
enable SSL in the previously configured virtual host. All changes must be
applied to the configuration file. Note that registering your instance does
not automatically choose which certificates the instance will use. You must
use DCM to assign a specific certificate to your application before you try
to end and then restart your server instance. |
You are having difficulty setting up the HTTP Server
for validation lists and optional client authentication. |
See the HTTP Server for iSeries™ documentation for options
on setting up the instance. |
Netscape Communicator waits for the configuration directive
in the HTTP Server code to expire before allowing you to select a different
certificate. |
A large certificate value makes it hard to register
a second certificate since the browser is still using the first one. |
You are trying to get the browser to present the X.509
certificate to the HTTP Server so that you can use the certificate as input
to the QsyAddVldlCertificate API. |
You must use SSLEnable and SSLClientAuth
ON in order to get the HTTP Server to load the HTTPS_CLIENT_CERTIFICATE
environment variable. You can locate information about these
APIs with the API finder topic in the Information Center. You may also
want to look at these validation list or certificate-related APIs:
- QsyListVldlCertificates and QSYLSTVC
- QsyRemoveVldlCertificate and QRMVVC
- QsyCheckVldlCertificate and QSYCHKVC
- QsyParseCertificate and QSYPARSC, and so on.
|
The HTTP Server takes too long to return, or times out
if you request a list of the certificates in the validation list and there
are more than 10,000 items. |
Create a batch job that looks for and deletes certificates
matching certain criteria, such as all those that have expired or are from
a certain CA. |
The HTTP Server will not start successfully with SSL set
to Enabled, and error message HTP8351 appears
in the job log. The error log for the HTTP Server shows an error that SSL
Initialization operation failed with a return code error of 107 when
the HTTP Server fails. |
Error 107 means the certificate has
expired. Use DCM to assign a different certificate to the application; for
example, QIBM_HTTP_SERVER_MY_SERVER. If the server instance that is failing
to start is the *ADMIN server, then temporarily set SSL to Disabled so
that you can use DCM on the *ADMIN server. Then use DCM to assign a different
certificate to the QIBM_HTTP_SERVER_ADMIN application and try setting SSL to Enabled again. |
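
The checklist in the first entry (SSLAppName set, two Listen directives on different ports, a virtual host on the SSL port with SSL enabled) can be checked mechanically before restarting the instance. The following is an added example, not IBM code: it assumes an Apache-style configuration file with `<VirtualHost host:port>` blocks and `SSLEnable` as a bare directive, and the function names and sample configuration are constructed for illustration.

```python
import re

# Constructed sample config, not from a real system. Apache-style block syntax
# is an assumption; the directive names are the ones this page mentions.
SAMPLE_OK = """\
Listen *:80
Listen *:443
SSLAppName QIBM_HTTP_SERVER_MY_SERVER
<VirtualHost *:443>
    SSLEnable
</VirtualHost>
"""

def _port(value):
    """Port from 'host:port' or a bare 'port'; None when no port is given."""
    m = re.search(r"(\d+)\s*$", value)
    return int(m.group(1)) if m else None

def check_ssl_config(text):
    """Return findings against the page's checklist; an empty list passes."""
    listen, ssl_vhosts, app_name, vhost = set(), set(), None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            vhost = opened.group(1)            # now inside this virtual host
        elif line.lower().startswith("</virtualhost"):
            vhost = None
        else:
            parts = line.split(None, 1)
            name, args = parts[0].lower(), parts[1] if len(parts) > 1 else ""
            if name == "listen" and _port(args) is not None:
                listen.add(_port(args))
            elif name == "sslappname" and args.strip():
                app_name = args.strip()
            elif name == "sslenable" and vhost is not None:
                ssl_vhosts.add(_port(vhost))   # SSL enabled for this vhost
    findings = []
    if app_name is None:
        findings.append("SSLAppName is not set")
    if len(listen) < 2:
        findings.append("fewer than two Listen ports (need SSL and non-SSL)")
    if not ssl_vhosts:
        findings.append("no virtual host has SSLEnable")
    elif not ssl_vhosts & listen:
        findings.append("SSL virtual host port has no Listen directive")
    elif listen <= ssl_vhosts:
        findings.append("every Listen port is SSL; no non-SSL port")
    return findings
```

A clean result only covers the configuration file; the certificate assignment in DCM and its expiry (error 107 above) still have to be checked separately.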