Thank you Scott, I will check into this
as soon as possible.
jrm
Scott Klement <sk@xxxxxxxxxxxxxxxx> Sent by: owner-ftpapi@xxxxxxxxxxxxx
07/04/2005 11:05 PM
Please respond to
ftpapi@xxxxxxxxxxxxx
To
ftpapi@xxxxxxxxxxxxx
cc
Subject
Re: SSL without certs?
Sender: Scott Klement <sk@xxxxxxxxxxxxxxxx>
> 1. We have an application requirement where the vendor does not require
> digital certificates but does require SSL 3.0 . Will we be able
to
> communicate with them?
It's not SSL without certificates. Though, what the vendor probably
means
is that they don't require client-side certificates (which is true in the
majority of cases)
In other words, you can take a web browser and point it at the site
without having to install any special certificates on your machine.
Technically, there are still certificates in use, but since their
invisible to the user...
> 2. I am receiving an error as a return from http_url_post= "SSL
Handshake:
> (GSKit) Certificate is not signed by". I'm too new to know if
this is
> internal to my config with DCM or ?
The rest of that sentence would be "a trusted certificate authority."
You're chopping part of it off (probably in order to make it fit on a
DSPLY opcode)
So, the server is sending you a certificate, but your DCM doesn't trust
it. Most likely, the application is misconfigured in the digital
certificate manager. Another possibility is that the certificate
is
signed by a certificate autnority that the iSeries doesn't have installed
by default.
I've put extra code into version 1.11 of HTTPAPI that helps perform
additional debugging with SSL, and also simplifies the setup when you
don't need client certificates.
Right now 1.11 hasn't been released, except as a beta version. You might
want to give it a try, as it might make your life easier. Plus, we could
really use your help testing it out to make sure it's ready to be a full
release.
More info is here:
http://www.scottklement.com/archives/ftpapi/200506/msg00088.html
Incidentally, the archives for this mailing list are found at the
following link. There's a lot of stuff about SSL setups in there, so you
might find it helpful to do some searches:
http://www.scottklement.com/archives/ftpapi/
Good luck
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubsribe from the list send
mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------