
Re: SSL without certs?




Thank you Scott, I will check into this as soon as possible.
jrm


Scott Klement <sk@xxxxxxxxxxxxxxxx>
Sent by: owner-ftpapi@xxxxxxxxxxxxx

07/04/2005 11:05 PM

Please respond to
ftpapi@xxxxxxxxxxxxx

To
ftpapi@xxxxxxxxxxxxx
cc
Subject
Re: SSL without certs?





Sender: Scott Klement <sk@xxxxxxxxxxxxxxxx>


> 1. We have an application requirement where the vendor does not require
> digital certificates but does require SSL 3.0 .  Will we be able to
> communicate with them?

It's not SSL without certificates.  Though, what the vendor probably means
is that they don't require client-side certificates (which is true in the
majority of cases)

In other words, you can take a web browser and point it at the site
without having to install any special certificates on your machine.
Technically, there are still certificates in use, but since they're
invisible to the user...

> 2. I am receiving an error as a return from http_url_post= "SSL Handshake:
> (GSKit) Certificate is not signed by". I'm too new to know if this is
> internal to my config with DCM or ?

The rest of that sentence would be "a trusted certificate authority."
You're chopping part of it off (probably in order to make it fit on a
DSPLY opcode)

So, the server is sending you a certificate, but your DCM doesn't trust
it. Most likely, the application is misconfigured in the digital
certificate manager.  Another possibility is that the certificate is
signed by a certificate authority that the iSeries doesn't have installed
by default.

I've put extra code into version 1.11 of HTTPAPI that helps perform
additional debugging with SSL, and also simplifies the setup when you
don't need client certificates.

Right now 1.11 hasn't been released, except as a beta version. You might
want to give it a try, as it might make your life easier. Plus, we could
really use your help testing it out to make sure it's ready to be a full
release.

More info is here:
http://www.scottklement.com/archives/ftpapi/200506/msg00088.html

Incidentally, the archives for this mailing list are found at the
following link. There's a lot of stuff about SSL setups in there, so you
might find it helpful to do some searches:
http://www.scottklement.com/archives/ftpapi/

Good luck


-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------