[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Example3 - SSL not trusted error message
Sender: Scott Klement <sk@xxxxxxxxxxxxxxxx>
Hi John,
There are two problems:
> In DCM, the Verisign class 1 certificate appears OK but the class 2 and
> class 3 certificates expired in January 2004.
1) VeriSign's intermediate certificates expired on January 7, 2004. Until
you update your CA certs, most VeriSign sites won't be trusted.
If you update to CUM PTF level C4077520 or later, the problem will be
fixed for new certificate stores, but not for existing ones. To fix the
existing ones, you need to manually download & install the updated
intermediate certificates from VeriSign. They've got a web page set up to
explain the process:
https://www.verisign.com/support/site/caReplacement.html
Personally, I had a hard time figuring out how to get it done with info
from that site, but maybe that's just me! If nothing else, call IBM
support and get them to help you.
> In an attempt to see what certificate the target website is using, I
> tried to access "https://ssl.ahnet.net/SSL/klemen/"; (the URL that
> Example3 points to) via IE6 and received an "HTTP 404 Not Found".
2) https://ssl.ahnet.net no longer exists. I used to have an SSL server
with that URL years ago, but not anymore. That example should be removed
from HTTPAPI.
In fact, I should go through and clean up all of the EXAMPLEx members,
since many of them aren't the best way to do things anymore. Thanks for
the heads up on this!
A better SSL example would be EXAMPLE16, (though the SSL part of EXAMPLE4
& EXAMPLE5 should still work)
---
Scott Klement http://www.scottklement.com
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------