SSL FAQ
What licensed program do I need installed for SSL to work?
You'll need to make sure you have cryptographic support installed. This is a free product from IBM. Contact your IBM Business Partner and they should be able to get it to you. Here are the Licensed Program details:
5722AC3 Crypto Access Provider 128-bit for AS/400
I'm receiving the error "Error performing SSL handshake. There is no error. RC(23) errno()." How can I fix this?
This error is saying that you don't have the proper Certificate Authority(ies) (CAs) installed on your machine in order to communicate over SSL with the web service you are using. You'll need to install the CAs required for this.
This page will provide instructions on how this is done.
I'm receiving an error like "Error during initializing SSL. Permission Denied. RC(10) errno(3401)" or "Error initializing SSL Environment. RC(6003) Access to the key database is not allowed.". What do I need to do to fix this?
This is because the user that is making the request does not have the proper authorities to the SSL keyring files and/or directory that are located in the IFS. The keyring files (on most systems) can be found by using the following command:
WRKLNK '/QIBM/UserData/ICSS/Cert/Server/*'
You will need to grant at least *RX authority to the directory and *R authority to the objects contained within the directory for the users that you want to be able to use SSL features. Normally granting *PUBLIC these authorities will be good enough.
Normally running the following commands will fix this issue:
CHGAUT OBJ('/QIBM/UserData/ICSS/Cert/Server') USER(*PUBLIC) DTAAUT(*RX)
CHGAUT OBJ('/QIBM/UserData/ICSS/Cert/Server/*') USER(*PUBLIC) DTAAUT(*R)
Other Common SSL Return Codes
Click Here for a list of common SSL Return Codes