IBM i


Use of HTTP_POST resulting in GSKit Error is 6000 - Certificate is not signed by a trusted certificate authority.

  • 1.  Use of HTTP_POST resulting in GSKit Error is 6000 - Certificate is not signed by a trusted certificate authority.

    Posted Thu April 14, 2022 08:05 AM
    I am trying an example I saw in a Tim Rowe & Scott Forstie example to send a text message from IBM i using SQL.  Basically it goes like this:
    values QSYS2.HTTP_POST(
    'https://api.twilio.com/2010-04-01/Accounts/AC<redacted>/Messages.json',
    cast(
    '&To=+12605551212' concat
    '&From=+12675551212' concat
    '&Body=Sample Text ' as varchar(855)),
    '{"basicAuth":"AC<redacted>,<redacted>",
    "header":"content-type,application/x-www-form-urlencoded"}');

    However I am getting
    SQL State: 38501
    Vendor Code: -443
    Message: [SQL0443] AXISC ERROR  : HTTPTransportException: Cannot initialize a channel to the remote end.
    Failed to establish SSL connection to server, the operation gsk_secure_soc_init() failed.
    GSKit Error is 6000 - Certificate is not signed by a trusted certificate authority.


    Coworker suggested this link:
    https://www.ibm.com/docs/en/i/7.4?topic=programming-http-functions-overview
    Basically it looks like either I figure out the certificate issues and put them into DCM, or run the script at this site and create a new store and always specify this store when running any https type service.


    I looked at Twilio's site. I see this chain:
    DigiCert
    -DigiCert TLS RSA SHA256 2020 CA1
    --*.twilio.com
    Do I perform actions based on this chain? Or do I just do that script on Knowledge Center?



    ------------------------------
    Robert Berendt
    ------------------------------


  • 2.  RE: Use of HTTP_POST resulting in GSKit Error is 6000 - Certificate is not signed by a trusted certificate authority.

    Posted Thu April 14, 2022 09:39 AM
    Hi Robert,

    If you try a simple GET like:

    VALUES QSYS2.HTTP_get(
                 'https://api.twilio.com/',
                 '{"header":"content-type,application/x-www-form-urlencoded"}');

    does it work?

    This is the result:

    <?xml version='1.0' encoding='UTF-8'?>
    <TwilioResponse><Versions><Versions><Version><Name>2010-04-01</Name><Uri>/2010-04-01</Uri><SubresourceUris><Accounts>/2010-04-01/Accounts</Accounts></SubresourceUris></Version></Versions></Versions></TwilioResponse>


    If I connect to my DCM:

    http://myibmi:2006/dcm/mainframe/system

    I found all these CA certs:

    Do you have it?

    Bye



    ------------------------------
    Paolo Salvatore
    ------------------------------



  • 3.  RE: Use of HTTP_POST resulting in GSKit Error is 6000 - Certificate is not signed by a trusted certificate authority.

    Posted Thu April 14, 2022 09:56 AM
    I'm missing the DigiCert stuff that Twilio uses. Which is sad because that's our cert supplier and it now lets the world know that we've not set up SSL on our main production machine for ERP.

    ------------------------------
    Robert Berendt
    ------------------------------



  • 4.  RE: Use of HTTP_POST resulting in GSKit Error is 6000 - Certificate is not signed by a trusted certificate authority.

    Posted Thu April 14, 2022 11:14 AM
    I followed some examples on how to export certificates from Twilio and import them into DCM, modifying them slightly for the new DCM.
    Now the SQL works like a champ.
    Documentation - SSL Documentation (bvstools.com)

    ------------------------------
    Robert Berendt
    ------------------------------



  • 5.  RE: Use of HTTP_POST resulting in GSKit Error is 6000 - Certificate is not signed by a trusted certificate authority.
    Best Answer

    Posted Thu April 14, 2022 04:03 PM
    Simple solution.
    Go into New Navigator.
    Bookmarks
    IBM Digital Certificate Manager for i
    Open or Create the *SYSTEM store
    "Populate with CAs"
    Simple as pie!

    ------------------------------
    Robert Berendt
    ------------------------------