[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Stuck with certificates for https



Sender: Sean Porterfield <sporter@xxxxxxxxxxxx>

Unless I've misunderstood, this is yet another example of "just connecting to a secure site." The issue is whether the iSeries trusts the CA that signed the server's certificate.

Perhaps this will help some:

http://www.scottklement.com/archives/ftpapi/200503/msg00060.html

This does not require a certificate on the iSeries.

I think this is the message that I used to solve my problem:

http://www.scottklement.com/archives/ftpapi/200410/msg00026.html

The key here is to make sure the *SYSTEM certificate store exists and has the CA marked as trusted.

Good luck!


Shannon ODonnell wrote:

I created a certificate this way just a few moments ago and then ran Scott's EXAMPLE4 program. It came back with an error message:

SSL Handshake: (GSKit) Certificate is not signed by

And then it cut off because the error message field wasn't large enough to
display the entire response. I'm assuming it probably said "is not signed by
a valid certificate authority" or words to that effect.

I wonder if you have to use a valid CA such as Verisign rather than a System
CA gen'd on your own iSeries.



-----Original Message-----
From: Peter Sawatzki


Alexander,

Use the iSeries DCM to create a certificate. You can access the DCM with
this web page: http://ip-of-your- iseries:2001/

You could also use for example a Win200x Server as a certificate authority
or create a certificate with openssl.

Peter

-----Original Message-----
From: Alexander Grünwald

Hello Scott,

I´m stuck with creating a certificate for using https-connections. I am not
sure, if I have to get a certificate by trusted company, just to act as a
client, or if there is a possibility to generate a certificate on my own
(for example to use your EXAMPLE3). I have been checking your latest
description on how to set up certifacte manager in your mailing list, but
there is a point, where you explain, that you already have a certificate for
other reasons and just link it to your application profile. i don´t have a
certifiacte and do not really know, how to get one - without buying one.

----------------------------------------------------------------------- This is the FTPAPI mailing list. To unsubsribe from the list send mail to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr -----------------------------------------------------------------------