[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: HTTPAPI and Digital Certificate



Sender: Elbert Cook <emcook@xxxxxxxxx>

Thank Ian,

I was wondering if you could share some insight to
another problem.

I need to ftp a file to a bank. The bank requires a
SSL connection. They have supplied the digital
certificate and I need to attach it to our AS400 FTP
server.

With Scott's HTTPAPI, I trusted the certificate to the
application. But I don't have a registrated
application with FTP, unless I need to register one as
the first step.

If you could point me in the right direction, I would
appreciate it.



--- Ian Patterson <ian@xxxxxxxxxxxxxxxxxxxx> wrote:

> Sender: "Ian Patterson" <ian@xxxxxxxxxxxxxxxxxxxx>
> 
> If you can 'see' the Vendors website in a browser,
> do this (Using IE - thats
> all I have)
> 
> View the Website.
> 'Padlock' appears in bottom right of browser to
> signify SSL
> Double click padlock & you see certificate details
> click cert path tab & see cert chain
> highlight top (CA) cert & view certificate
> use details tab, then copy to file button
> Choose p7B format from wizard
> Copy saved certificate (anyname.p7b) to IFS
> 
> Go into DCM
> Follow links to CA certs (in *SYSTEM store)
> import a cert
> specify p7b cert on IFS (e.g. /myfolder/anyname.p7b)
> 
> then trust the cert to your client app
> 
> er.. thats it
> 
> 
> Regards
> 
> Ian Patterson
> 
> ian@xxxxxxxxxxxxxxxxx <mailto:ian@xxxxxxxxxxxxxxxxx>
> 
> Grange IT Limited
> tel 01947 880458
> www.grangesystems.com
> 
> 
> 
> -----Original Message-----
> From: owner-ftpapi@xxxxxxxxxxxxx
> [mailto:owner-ftpapi@xxxxxxxxxxxxx]On
> Behalf Of Elbert Cook
> Sent: 26 July 2004 15:42
> To: ftpapi@xxxxxxxxxxxxx
> Subject: Re: HTTPAPI and Digital Certificate
> 
> 
> Sender: "Elbert Cook" <elbert@xxxxxxxxxxxxxxx>
> 
> Thanks for the reply.
> 
> Sorry to bother you again but I'm a novice at this
> and have another
> question.
> We use a vendor's website that uses a certificate
> authority that is not
> already installed on our Iseries.
> 
> Can I capture the certificate and install it on our
> Iseries?
> 
> 
> ----- Original Message -----
> From: "Scott Klement" <sk@xxxxxxxxxxxxxxxx>
> To: <ftpapi@xxxxxxxxxxxxx>
> Sent: Friday, July 23, 2004 1:39 PM
> Subject: Re: HTTPAPI and Digital Certificate
> 
> 
> > Sender: Scott Klement <sk@xxxxxxxxxxxxxxxx>
> >
> >
> > Hi Elbert,
> >
> > > It create a certificate application, and I
> assigned an self-signed
> > > certificate to it.
> > >
> > > (GSKit) Certificate is not signed by a trusted
> certificate authority.
> > > ssl_error(6000): (GSKit) Certificate is not
> signed by a trusted
> > > certificate authority.  SetError() #30: SSL
> Handshake: (GSKit)
> > > Certificate is not signed by a trusted
> certificate author
> >
> > When you receive a digital certificate from a
> computer that you connect
> > to, you have to decide whether or not you trust
> that computer.  The way
> > that trust works in SSL, is that each certificate
> is "signed".  It gets a
> > digital signature from a company.
> >
> > This company can be anybody, but there are
> companies like VeriSign and
> > Thawte that specialize in signing certificates. 
> Whomever signed the
> > certificate is called the "certificate authority."
> >
> > The theory is, if you trust the certificate
> authority, then you know that
> > any certificate that they've signed is genuine. 
> For example, if VeriSign
> > signed my certificate then VeriSign thinks I'm a
> real person.  If you
> > trust VeriSign, then you should also trust me.
> >
> > If I were a hacker, I wouldn't want you to be able
> to trace the
> > certificate back to me, so I wouldn't give
> VeriSign my information, and
> > they wouldn't sign a certificate for me.
> >
> > Hopefully you get the idea...
> >
> > To get HTTPAPI (or any other SSL application on
> the iSeries) to trust a
> > certificate, you have to make sure that the
> certificate authority for that
> > certificate is installed on the iSeries, and that
> your application trusts
> > it.
> >
> > The server in the case of EXAMPLE3 uses a
> certificate from VeriSign which
> > is installed on the iSeries by default.  All you
> have to do is tell the
> > DCM that you trust certificates signed by
> VeriSign.
> >
> > To do that:
> >
> > a) Go into the Digital Certificate Manager (DCM)
> and log-in to the *SYSTEM
> > certificate store.
> >
> > b) Select "Manage Applications" -> "Define CA
> Trust List" -> "Client"
> >
> > c) Select "SCK_HTTPAPI_EXAMPLES" and click the
> "Define Trust List" button.
> >
> > d) The next list will show all of the certificate
> authorities that are
> > installed on your iSeries.  Either select all of
> the certificate
> > authorites that you'll trust manually, or click
> the "Trust All" button.
> >
> > e) Click the OK button at the bottom of the page.
> >
> >
> > Now try running EXAMPLE3 again.
> >
> >
>
-----------------------------------------------------------------------
> > This is the FTPAPI mailing list.  To unsubsribe
> from the list send mail
> > to majordomo@xxxxxxxxxxxxx with the body:
> unsubscribe ftpapi mymailaddr
> >
>
-----------------------------------------------------------------------
> 
>
-----------------------------------------------------------------------
> This is the FTPAPI mailing list.  To unsubsribe from
> the list send mail
> to majordomo@xxxxxxxxxxxxx with the body:
> unsubscribe ftpapi mymailaddr
>
-----------------------------------------------------------------------
> 
> 
>
-----------------------------------------------------------------------
> This is the FTPAPI mailing list.  To unsubsribe from
> the list send mail
> to majordomo@xxxxxxxxxxxxx with the body:
> unsubscribe ftpapi mymailaddr
>
-----------------------------------------------------------------------
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------