[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: HTTPAPI and Digital Certificate
Sender: Elbert Cook <emcook@xxxxxxxxx>
Thank Ian,
I was wondering if you could share some insight to
another problem.
I need to ftp a file to a bank. The bank requires a
SSL connection. They have supplied the digital
certificate and I need to attach it to our AS400 FTP
server.
With Scott's HTTPAPI, I trusted the certificate to the
application. But I don't have a registrated
application with FTP, unless I need to register one as
the first step.
If you could point me in the right direction, I would
appreciate it.
--- Ian Patterson <ian@xxxxxxxxxxxxxxxxxxxx> wrote:
> Sender: "Ian Patterson" <ian@xxxxxxxxxxxxxxxxxxxx>
>
> If you can 'see' the Vendors website in a browser,
> do this (Using IE - thats
> all I have)
>
> View the Website.
> 'Padlock' appears in bottom right of browser to
> signify SSL
> Double click padlock & you see certificate details
> click cert path tab & see cert chain
> highlight top (CA) cert & view certificate
> use details tab, then copy to file button
> Choose p7B format from wizard
> Copy saved certificate (anyname.p7b) to IFS
>
> Go into DCM
> Follow links to CA certs (in *SYSTEM store)
> import a cert
> specify p7b cert on IFS (e.g. /myfolder/anyname.p7b)
>
> then trust the cert to your client app
>
> er.. thats it
>
>
> Regards
>
> Ian Patterson
>
> ian@xxxxxxxxxxxxxxxxx <mailto:ian@xxxxxxxxxxxxxxxxx>
>
> Grange IT Limited
> tel 01947 880458
> www.grangesystems.com
>
>
>
> -----Original Message-----
> From: owner-ftpapi@xxxxxxxxxxxxx
> [mailto:owner-ftpapi@xxxxxxxxxxxxx]On
> Behalf Of Elbert Cook
> Sent: 26 July 2004 15:42
> To: ftpapi@xxxxxxxxxxxxx
> Subject: Re: HTTPAPI and Digital Certificate
>
>
> Sender: "Elbert Cook" <elbert@xxxxxxxxxxxxxxx>
>
> Thanks for the reply.
>
> Sorry to bother you again but I'm a novice at this
> and have another
> question.
> We use a vendor's website that uses a certificate
> authority that is not
> already installed on our Iseries.
>
> Can I capture the certificate and install it on our
> Iseries?
>
>
> ----- Original Message -----
> From: "Scott Klement" <sk@xxxxxxxxxxxxxxxx>
> To: <ftpapi@xxxxxxxxxxxxx>
> Sent: Friday, July 23, 2004 1:39 PM
> Subject: Re: HTTPAPI and Digital Certificate
>
>
> > Sender: Scott Klement <sk@xxxxxxxxxxxxxxxx>
> >
> >
> > Hi Elbert,
> >
> > > It create a certificate application, and I
> assigned an self-signed
> > > certificate to it.
> > >
> > > (GSKit) Certificate is not signed by a trusted
> certificate authority.
> > > ssl_error(6000): (GSKit) Certificate is not
> signed by a trusted
> > > certificate authority. SetError() #30: SSL
> Handshake: (GSKit)
> > > Certificate is not signed by a trusted
> certificate author
> >
> > When you receive a digital certificate from a
> computer that you connect
> > to, you have to decide whether or not you trust
> that computer. The way
> > that trust works in SSL, is that each certificate
> is "signed". It gets a
> > digital signature from a company.
> >
> > This company can be anybody, but there are
> companies like VeriSign and
> > Thawte that specialize in signing certificates.
> Whomever signed the
> > certificate is called the "certificate authority."
> >
> > The theory is, if you trust the certificate
> authority, then you know that
> > any certificate that they've signed is genuine.
> For example, if VeriSign
> > signed my certificate then VeriSign thinks I'm a
> real person. If you
> > trust VeriSign, then you should also trust me.
> >
> > If I were a hacker, I wouldn't want you to be able
> to trace the
> > certificate back to me, so I wouldn't give
> VeriSign my information, and
> > they wouldn't sign a certificate for me.
> >
> > Hopefully you get the idea...
> >
> > To get HTTPAPI (or any other SSL application on
> the iSeries) to trust a
> > certificate, you have to make sure that the
> certificate authority for that
> > certificate is installed on the iSeries, and that
> your application trusts
> > it.
> >
> > The server in the case of EXAMPLE3 uses a
> certificate from VeriSign which
> > is installed on the iSeries by default. All you
> have to do is tell the
> > DCM that you trust certificates signed by
> VeriSign.
> >
> > To do that:
> >
> > a) Go into the Digital Certificate Manager (DCM)
> and log-in to the *SYSTEM
> > certificate store.
> >
> > b) Select "Manage Applications" -> "Define CA
> Trust List" -> "Client"
> >
> > c) Select "SCK_HTTPAPI_EXAMPLES" and click the
> "Define Trust List" button.
> >
> > d) The next list will show all of the certificate
> authorities that are
> > installed on your iSeries. Either select all of
> the certificate
> > authorites that you'll trust manually, or click
> the "Trust All" button.
> >
> > e) Click the OK button at the bottom of the page.
> >
> >
> > Now try running EXAMPLE3 again.
> >
> >
>
-----------------------------------------------------------------------
> > This is the FTPAPI mailing list. To unsubsribe
> from the list send mail
> > to majordomo@xxxxxxxxxxxxx with the body:
> unsubscribe ftpapi mymailaddr
> >
>
-----------------------------------------------------------------------
>
>
-----------------------------------------------------------------------
> This is the FTPAPI mailing list. To unsubsribe from
> the list send mail
> to majordomo@xxxxxxxxxxxxx with the body:
> unsubscribe ftpapi mymailaddr
>
-----------------------------------------------------------------------
>
>
>
-----------------------------------------------------------------------
> This is the FTPAPI mailing list. To unsubsribe from
> the list send mail
> to majordomo@xxxxxxxxxxxxx with the body:
> unsubscribe ftpapi mymailaddr
>
-----------------------------------------------------------------------
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------