[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CA certificate problem with httpapi

To: <ftpapi@xxxxxxxxxxxxx>
Subject: RE: CA certificate problem with httpapi
From: "Ian Patterson" <ian@xxxxxxxxxxxxxxxxxxxx>
Date: Wed, 29 Sep 2004 08:33:41 +0100
Importance: Normal
In-reply-to: <001101c4a5ae$87a35f60$0c03a8c0@ArtJrTsa>
Reply-to: ftpapi@xxxxxxxxxxxxx
Sender: owner-ftpapi@xxxxxxxxxxxxx

Sender: "Ian Patterson" <ian@xxxxxxxxxxxxxxxxxxxx>

Scott:
I don't think its an httpapi issue either. This problem is on 1.9
I addressed the query here because its the only place people seem to
understand the DCM.

Art:
The Verisign class 3 cert was the one we installed.
The cert seems to come with 5.2 (definately not in 5.1), & failed with the
signing error.
So we installed our own copy of the Verisign cert (seems identical to the
one we deleted) & got the same error.
Its as if the AS/400 does not <trust> the Verisign certificate.

As of now I'm stuffed as to know what to do next.

Regards

Ian Patterson

ian@xxxxxxxxxxxxxxxxx <mailto:ian@xxxxxxxxxxxxxxxxx>

Grange IT Limited
tel 01947 880458
www.grangesystems.com

-----Original Message-----
From: owner-ftpapi@xxxxxxxxxxxxx [mailto:owner-ftpapi@xxxxxxxxxxxxx]On
Behalf Of Art Tostaine, Jr.
Sent: 28 September 2004 23:57
To: ftpapi@xxxxxxxxxxxxx
Subject: RE: CA certificate problem with httpapi

Sender: "Art Tostaine, Jr." <artjr@xxxxxxxxxxx>

Whenever I've had the trusted root error, I've always had to install the
"root certificate" from verisign.

If you search their web site, you'll find it.

I think their root cert means you trust them, then the cert you paid for
makes you trusted.

Blah.  I have customers using this crap for PO Verification.  Sure
wouldn't want some hacker knowing when that PO cancels.  Of course, if
he really wanted to know, he could just call and say he is xyz company,
and they'll give him the info.

Art Tostaine, Jr.
CCA, Inc.
Jackson, NJ 08527

-----Original Message-----
From: owner-ftpapi@xxxxxxxxxxxxx [mailto:owner-ftpapi@xxxxxxxxxxxxx] On
Behalf Of Scott Klement
Sent: Tuesday, September 28, 2004 5:53 PM
To: ftpapi@xxxxxxxxxxxxx
Subject: Re: CA certificate problem with httpapi

Sender: Scott Klement <klemscot@xxxxxxxxxxxx>

Are you sure that this is related to HTTPAPI?  Are you saying that it
worked in 1.9 but does not in 1.10, and no changes were made?

Pretty much all the certificate/trust, etc issues are part of the DCM, I
don't deal with that stuff at all in HTTPAPI, I just let the system do
the
work.

---
Scott Klement
I.T. Manager / Senior Programmer
Klement Sausage Co., Inc.
http://www.klements.com
http://www.scottklement.com

On Tue, 28 Sep 2004, Ian Patterson wrote:

> Sender: "Ian Patterson" <ian@xxxxxxxxxxxxxxxxxxxx>
>
> We have hit the following problem today.
> Has anyone else had a similar situation & fixed it ?
>
> AS/400 is V5R2
>
> We have the correct CA class 3 certificate (from Verisign) in the DCM
and it
> is in the trusted list for our client (httpapi program).
> The certificate validates OK when checked in the DCM.
>
> When we connect to the remote server we get the error:
> "Certificate not signed by a trusted Certificate Authority"
>
> I know for certain that the certificate I have installed into the DCM
is the
> correct one. Its working on other AS/400's including release 5.2
>
> The AS/400 in question has very high levels of security, and a
ridiculous
> firewall system that took us a week to get out from, but I wouldn't
think
> this would be the issue ?
>
> Any ideas ?
>
> Regards
>
> Ian Patterson
>
> ian@xxxxxxxxxxxxxxxxx <mailto:ian@xxxxxxxxxxxxxxxxx>
>
> Grange IT Limited
> tel 01947 880458
> www.grangesystems.com
>
>
>
-----------------------------------------------------------------------
> This is the FTPAPI mailing list.  To unsubsribe from the list send
mail
> to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi
mymailaddr
>
-----------------------------------------------------------------------
>
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------

References:
- RE: CA certificate problem with httpapi
  - From: Art Tostaine, Jr.

Prev by Date: RE: CA certificate problem with httpapi
Next by Date: TESTPUT NAMEFMT 1
Previous by thread: RE: CA certificate problem with httpapi
Next by thread: Server Program?
Index(es):
- Date
- Thread