[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: HTTPAPI and Digital Certificate
Sender: "Elbert Cook" <elbert@xxxxxxxxxxxxxxx>
Thanks for the reply.
Sorry to bother you again but I'm a novice at this and have another
question.
We use a vendor's website that uses a certificate authority that is not
already installed on our Iseries.
Can I capture the certificate and install it on our Iseries?
----- Original Message -----
From: "Scott Klement" <sk@xxxxxxxxxxxxxxxx>
To: <ftpapi@xxxxxxxxxxxxx>
Sent: Friday, July 23, 2004 1:39 PM
Subject: Re: HTTPAPI and Digital Certificate
> Sender: Scott Klement <sk@xxxxxxxxxxxxxxxx>
>
>
> Hi Elbert,
>
> > It create a certificate application, and I assigned an self-signed
> > certificate to it.
> >
> > (GSKit) Certificate is not signed by a trusted certificate authority.
> > ssl_error(6000): (GSKit) Certificate is not signed by a trusted
> > certificate authority. SetError() #30: SSL Handshake: (GSKit)
> > Certificate is not signed by a trusted certificate author
>
> When you receive a digital certificate from a computer that you connect
> to, you have to decide whether or not you trust that computer. The way
> that trust works in SSL, is that each certificate is "signed". It gets a
> digital signature from a company.
>
> This company can be anybody, but there are companies like VeriSign and
> Thawte that specialize in signing certificates. Whomever signed the
> certificate is called the "certificate authority."
>
> The theory is, if you trust the certificate authority, then you know that
> any certificate that they've signed is genuine. For example, if VeriSign
> signed my certificate then VeriSign thinks I'm a real person. If you
> trust VeriSign, then you should also trust me.
>
> If I were a hacker, I wouldn't want you to be able to trace the
> certificate back to me, so I wouldn't give VeriSign my information, and
> they wouldn't sign a certificate for me.
>
> Hopefully you get the idea...
>
> To get HTTPAPI (or any other SSL application on the iSeries) to trust a
> certificate, you have to make sure that the certificate authority for that
> certificate is installed on the iSeries, and that your application trusts
> it.
>
> The server in the case of EXAMPLE3 uses a certificate from VeriSign which
> is installed on the iSeries by default. All you have to do is tell the
> DCM that you trust certificates signed by VeriSign.
>
> To do that:
>
> a) Go into the Digital Certificate Manager (DCM) and log-in to the *SYSTEM
> certificate store.
>
> b) Select "Manage Applications" -> "Define CA Trust List" -> "Client"
>
> c) Select "SCK_HTTPAPI_EXAMPLES" and click the "Define Trust List" button.
>
> d) The next list will show all of the certificate authorities that are
> installed on your iSeries. Either select all of the certificate
> authorites that you'll trust manually, or click the "Trust All" button.
>
> e) Click the OK button at the bottom of the page.
>
>
> Now try running EXAMPLE3 again.
>
> -----------------------------------------------------------------------
> This is the FTPAPI mailing list. To unsubsribe from the list send mail
> to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
> -----------------------------------------------------------------------
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------