[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Stuck with certificates for https
Sender: "Shannon ODonnell" <sodonnell@xxxxxxxxxxxxxxxxx>
Thanks Sean. Seems like the learning never stops.
-----Original Message-----
From: owner-ftpapi@xxxxxxxxxxxxx [mailto:owner-ftpapi@xxxxxxxxxxxxx] On
Behalf Of Sean Porterfield
Sent: Wednesday, May 11, 2005 3:16 PM
To: ftpapi@xxxxxxxxxxxxx
Subject: Re: Stuck with certificates for https
Sender: Sean Porterfield <sporter@xxxxxxxxxxxx>
Unless I've misunderstood, this is yet another example of "just
connecting to a secure site." The issue is whether the iSeries trusts
the CA that signed the server's certificate.
Perhaps this will help some:
http://www.scottklement.com/archives/ftpapi/200503/msg00060.html
This does not require a certificate on the iSeries.
I think this is the message that I used to solve my problem:
http://www.scottklement.com/archives/ftpapi/200410/msg00026.html
The key here is to make sure the *SYSTEM certificate store exists and
has the CA marked as trusted.
Good luck!
Shannon ODonnell wrote:
>
> I created a certificate this way just a few moments ago and then ran
Scott's
> EXAMPLE4 program. It came back with an error message:
>
> SSL Handshake: (GSKit) Certificate is not signed by
>
> And then it cut off because the error message field wasn't large enough to
> display the entire response. I'm assuming it probably said "is not signed
by
> a valid certificate authority" or words to that effect.
>
> I wonder if you have to use a valid CA such as Verisign rather than a
System
> CA gen'd on your own iSeries.
>
>
>
>
> -----Original Message-----
> From: Peter Sawatzki
>
> Alexander,
>
> Use the iSeries DCM to create a certificate. You can access the DCM with
> this web page: http://ip-of-your- iseries:2001/
>
> You could also use for example a Win200x Server as a certificate authority
> or create a certificate with openssl.
>
> Peter
>
> -----Original Message-----
> From: Alexander Grünwald
>
> Hello Scott,
>
> I´m stuck with creating a certificate for using https-connections. I am
not
> sure, if I have to get a certificate by trusted company, just to act as a
> client, or if there is a possibility to generate a certificate on my own
> (for example to use your EXAMPLE3). I have been checking your latest
> description on how to set up certifacte manager in your mailing list, but
> there is a point, where you explain, that you already have a certificate
for
> other reasons and just link it to your application profile. i don´t have a
> certifiacte and do not really know, how to get one - without buying one.
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------