[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Stuck with certificates for https

To: <ftpapi@xxxxxxxxxxxxx>
Subject: RE: Stuck with certificates for https
From: "Shannon ODonnell" <sodonnell@xxxxxxxxxxxxxxxxx>
Date: Wed, 11 May 2005 15:30:45 -0500
In-reply-to: <4282680D.4010901@bestdist.com>
Reply-to: ftpapi@xxxxxxxxxxxxx
Sender: owner-ftpapi@xxxxxxxxxxxxx
Thread-index: AcVWZ8QBlteKF/zUTZm1u9b4qM7/HQAAGpnQ

Sender: "Shannon ODonnell" <sodonnell@xxxxxxxxxxxxxxxxx>

Thanks Sean.  Seems like the learning never stops.

 

-----Original Message-----
From: owner-ftpapi@xxxxxxxxxxxxx [mailto:owner-ftpapi@xxxxxxxxxxxxx] On
Behalf Of Sean Porterfield
Sent: Wednesday, May 11, 2005 3:16 PM
To: ftpapi@xxxxxxxxxxxxx
Subject: Re: Stuck with certificates for https

Sender: Sean Porterfield <sporter@xxxxxxxxxxxx>

Unless I've misunderstood, this is yet another example of "just 
connecting to a secure site."  The issue is whether the iSeries trusts 
the CA that signed the server's certificate.

Perhaps this will help some:

http://www.scottklement.com/archives/ftpapi/200503/msg00060.html

This does not require a certificate on the iSeries.

I think this is the message that I used to solve my problem:

http://www.scottklement.com/archives/ftpapi/200410/msg00026.html

The key here is to make sure the *SYSTEM certificate store exists and 
has the CA marked as trusted.

Good luck!


Shannon ODonnell wrote:
> 
> I created a certificate this way just a few moments ago and then ran
Scott's
> EXAMPLE4 program.  It came back with an error message:
> 
> SSL Handshake: (GSKit) Certificate is not signed by  
> 
> And then it cut off because the error message field wasn't large enough to
> display the entire response. I'm assuming it probably said "is not signed
by
> a valid certificate authority" or words to that effect.
> 
> I wonder if you have to use a valid CA such as Verisign rather than a
System
> CA gen'd on your own iSeries.
> 
> 
> 
>  
> -----Original Message-----
> From: Peter Sawatzki
> 
> Alexander,
> 
> Use the iSeries DCM to create a certificate. You can access the DCM with
> this web page: http://ip-of-your- iseries:2001/
> 
> You could also use for example a Win200x Server as a certificate authority
> or create a certificate with openssl.
> 
> Peter
> 
> -----Original Message-----
> From: Alexander Grünwald
> 
> Hello Scott,
> 
> I´m stuck with creating a certificate for using https-connections. I am
not
> sure, if I have to get a certificate by trusted company, just to act as a
> client, or if there is a possibility to generate a certificate on my own
> (for example to use your EXAMPLE3). I have been checking your latest
> description on how to set up certifacte manager in your mailing list, but
> there is a point, where you explain, that you already have a certificate
for
> other reasons and just link it to your application profile. i don´t have a
> certifiacte and do not really know, how to get one - without buying one.

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------





-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------

References:
- Re: Stuck with certificates for https
  - From: Sean Porterfield

Prev by Date: RE: Stuck with certificates for https
Next by Date: RE: Stuck with certificates for https
Previous by thread: Re: Stuck with certificates for https
Next by thread: RE: Stuck with certificates for https
Index(es):
- Date
- Thread