Skip to content

Latest commit

 

History

History
54 lines (53 loc) · 3.01 KB

HTTPS-function.md

File metadata and controls

54 lines (53 loc) · 3.01 KB

HTTPS function

Grant certificate store file authority to user which running TLS (SSL) applications

  • When you got GSKit Error is 6003 - Access to the key database is not allowed,
    the user profile which make HTTP request must have READ access to the certificate store file.

    The default system certificate store located on this path:
    /QIBM/USERDATA/ICSS/CERT/SERVER/DEFAULT.KDB

    This user needs *RX access to all of these directories: / (*PUBLIC default authority *RWX) /QIBM (*PUBLIC default authority *RX) /QIBM/UserData (*PUBLIC default authority *RX) /QIBM/UserData/ICSS (*PUBLIC default authority *RX) /QIBM/UserData/ICSS/Cert (*PUBLIC default authority *RX) /QIBM/UserData/ICSS/Cert/Server (*PUBLIC default authority *EXCLUDE)

    And also need *R access authority to these files: /QIBM/UserData/ICSS/Cert/Server/DEFAULT.KDB (*PUBLIC default authority *EXCLUDE) /QIBM/UserData/ICSS/Cert/Server/DEFAULT.RDB (*PUBLIC default authority *EXCLUDE)

    Or, the user must have *ALLOBJ authority

  • Grant authority as following commands...(Change 'youruser' to the https function running userid) CHGAUT OBJ('/') + USER(youruser) DTAAUT(*RX) CHGAUT OBJ('/QIBM') + USER(youruser) DTAAUT(*RX) CHGAUT OBJ('/QIBM/UserData') + USER(youruser) DTAAUT(*RX) CHGAUT OBJ('/QIBM/UserData/ICSS') + USER(youruser) DTAAUT(*RX) CHGAUT OBJ('/QIBM/UserData/ICSS/CERT') + USER(youruser) DTAAUT(*RX) CHGAUT OBJ('/QIBM/UserData/ICSS/CERT/SERVER') USER(youruser) DTAAUT(*RX) CHGAUT OBJ('/QIBM/UserData/ICSS/CERT/SERVER/DEFAULT.KDB') USER(youruser) DTAAUT(*R) CHGAUT OBJ('/QIBM/UserData/ICSS/CERT/SERVER/DEFAULT.RDB') USER(youruser) DTAAUT(*R)