[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Please: https EXAMPLE4-clone not working (LAST change of subject-line - I promise)

Dear Sean,

 

God bless you. Not only the stunning (to me) insight that I was getting an error because [my] system does not trust the certificate of the server, but access to the long-sought archives (I just joined from Scott’s site).

 

I’m all straightened out now, not bent over backwards any more. (I adopted the short-term policy of “Trust the ****ing lot” in the DCM, didn’t bother with looking at UPS’s site. I just wanted to get EXAMPLE4 working.)

 

Thanks again, so very much.

Peter Myers

 

P.S. The above is green (don’t know if that comes through the email server), because that’s how I am about all this certificate nonsense and HTTP, and that’s the color of dinosaur scales.

 

-----Original Message-----
From: owner-ftpapi@xxxxxxxxxxxxx [mailto:owner-ftpapi@xxxxxxxxxxxxx] On Behalf Of Sean Porterfield
Sent: Tuesday, May 03, 2005 5:40 PM
To: ftpapi@xxxxxxxxxxxxx
Subject: Re: Please: https EXAMPLE4-clone not working (LAST change of subject-line - I promise)

 

Sender: Sean Porterfield <sporter@xxxxxxxxxxxx>

 

Peter Myers wrote:

 

> The same EXAMPLE4 clone indeed created an application visible in the

> DCM. Because I am now getting the error (GSKit) Certificate is not

> signed by a trusted certificate authority, I gather I need

>

> 

>

> (a) to find the certificate associated with the application

>

> (b) have it signed by a trusted certificate authority

 

 

If you're just connecting to an encrypted server as the example does,

you are getting an error because your system does not trust the

certificate of the server.  It wouldn't have anything to do with your

application unless the server requires a client certificate.

 

The easiest thing to do, I think, is to visit the site with your PC web

browser and look at the SSL information.  I found very helpful posts in

the archives as well as some good bits in the SSL examples themselves.

 

My iSeries did not trust the CA that signed the certificate of the bank

site I was loading.  I had to export the CA from my PC and import it to

DCM.  Then I added it to my trusted CA list and assigned it to my

application.

 

The difference for me was that the application didn't work until after

my system was shut down (which probably means restart the ADMIN

interface).  The instructions had a restart earlier; I had to do it later.

 

You might want to start with this one:

http://www.scottklement.com/archives/ftpapi/200410/threads.html#00028

 

Good luck!

-----------------------------------------------------------------------

This is the FTPAPI mailing list.  To unsubsribe from the list send mail

to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr

-----------------------------------------------------------------------