How to Protect Secure Websites & APIs from Certificates Expiring

API & web security on IBM iIf you have encrypted your website, API, Telnet server, or other service with TLS (SSL), good for you!

Now, do you know when those certificates will expire? If they expire without renewal, your service could become unavailable without warning.

In the past, to find expiration dates for digital certificates on IBM i, you’d either have to look in the Digital Certificate Manager (DCM), call the Retrieve Certificate Information (QYCURTVCI, QycuRetrieveCertificateInfo) API, or keep extremely good notes!

CERTIFICATE_INFO, an IBM i service recently delivered by IBM, solves all this. This SQL table function, documented here, returns a result table that contains information about server or Certificate Authority (CA) certificates, including their expiration date.

Here’s how to use CERTIFICATE_INFO to find expiring certificates.

Read more

Node.js v20 and Other Updated Packages Require New IBM i Repositories

IBM i open source for businessAs we mentioned in our article on installing ODBC via yum, the latest IBM i open source packages require new repositories.

A notable example is Node.js v20. When we hear users say, “I don’t see Node.js v20 listed in available packages, and yum returns ‘No package nodejs20 available‘,” the reason invariably is that the new repositories, ibmi-base and ibmi-release, have not been installed.

Read more

What IBM i Users Should Check when Learning of an Open Source Security Vulnerability

API & web security on IBM iA client asked about a vulnerability found in libwebp, which is used by PHP’s image-handling gd extension.

My first step was to find a reputable source for details. According to this trusted article about the vulnerability, the issue affected only libwebp versions 1.3.1 and earlier. I checked our own system and found we had a patched version from IBM, so we were safe. The client was, too.

Here is the procedure you can use for checking the version of this or any other open source package on IBM i. Read more

APCu Extension Added to Seiden CP+ PHP

Seiden's CP+ PHPPHP sites and APIs on IBM i have a new way to run even faster. As noted in our CP+ PHP Changelog, we have added the APCu extension to our PHP distribution.

The APC User Cache (APCu) extension is an “in-memory key-value store for PHP” that evolved from the old APC extension (minus the opcode caching). We added APCu at the request of a Linux PHP user who migrated their PHP application to the IBM i to simplify their architecture.

Read more

Finding Security Fixes for Apache on IBM i

API and web security for IBM iThe Apache-based IBM HTTP Server for i is a vital defense in web and API security for IBM i. As such, it requires regular attention.

IBM Support’s PCI Compliance web page is a resource we use to help our clients protect their systems.

Even if your organization does not process, store, or transmit credit card information, applying the PTFs recommended for PCI compliance constitutes a general best practice for IBM i web and API security.

Read more

Our Favorite ibm_db2 Settings for PHP

PHP on IBM iWhen supporting our Seiden CP+ PHP, we found that documentation for the “classic” ibm_db2 extension for IBM i wasn’t easy to find.

To help ourselves as well as others, we updated the PHP.net manual to describe each ibm_db2.i5_* setting. This blog post links to that manual page and highlights a few of our favorite ibm_db2 settings.

Read more

Read-only Mode in VS Code for IBM i

Code for IBM iIf you are using the Code for i extension and would like to “browse” or view certain source members without the risk of modifying them, use the “Read only” or “Protected” capability.

Read more

URL Rewriting with Apache Web Server

Apache HTTP Server ProjectThe Apache web server—included on IBM i as HTTP Server for i—contains a powerful feature known as mod_rewrite that can convert URLs (API or Web) from their original versions to any format you need.

This article offers a small taste of what URL Rewriting can do.

Read more

PHP 8.3 for IBM i Released in Seiden CP+ PHP

PHP on IBM iLast week the IBM i community got PHP 8.3, the newest version, via Seiden’s CP+ PHP.

While PHP 8.3 has valuable updates, PHP 8.0 and lower are no longer receiving even security fixes, increasing your risk of issues with security and certainly with your next security audit. Contact Alan for a free upgrade assessment.

PHP 8.3’s new features include json_validate. You’ll find the full list of changes and supporting details at PHP.Watch.

Read more

Use grep to Search IBM i Source Members (RPG, CL, COBOL, more)

Updated: January 4, 2024

From the Seiden SmartSupport mailbag:

One issue I keep coming across is the inability to search for text in source members across all libraries. We use a commercial tool, but it is expensive and cumbersome. Coming from the Linux world, where I can “grep” for anything, I find this a ridiculous restriction.

Read more