
RE: Server authentication



I am not sure that the following info is the cause of your problem, but
it is worth stating for the group.

We use HTTPAPI to connect to a server that uses intermediate CA
certificates as well as the root CA cert, i.e. there are three certs in
the chain.
Example cert path: GTE Cyber Trust Global Root (top), Cybertrust
Sureserver CA (intermediate), the client certificate.

Up to and including OS400 Release 5.2, the DCM was happy to connect to
this server if the intermediate CA cert was not in the DCM certificate
store.
At 5.3 (& 5.4) something changed in the DCM and we got the 'Cert not
signed etc.' error message as below, which was resolved when we added
the intermediate CA to the store.

Also worth noting if you have to use intermediate certificates is that
the certificates must be entered in the correct sequence, the top
certificate must be added to the DCM before the intermediate
certificate.

Regards
 
Ian Patterson

-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Wilbert van
der Hoeven
Sent: 23 May 2007 10:51
To: ftpapi@xxxxxxxxxxxxxxxxxxxxxx
Subject: Server authentication


Hello group,

We are using an SSL connection to exchange information with a large
transport company. Recently we are experiencing difficulties with
checking the server certificate: 'Certificate not signed by a trusted
Certificate Authority'. We think the problem is with the transport
company since our (CA) certificates are up to date and other customers
are experiencing
the same problems. The transport company now proposes to leave out the
server authentication. I gather that that means that we do not check
whether the server certificate is issued by a trusted Certificate
Authority. How can we accomplish that with HTTPAPI?

Thanks, Wilbert

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
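
An added illustration, not part of the original messages and run with the OpenSSL command line rather than DCM or HTTPAPI, of the behaviour described in the reply: a constructed three-certificate chain fails validation when the trust store holds only the root CA and validates once the intermediate CA is added. All certificate names, file names and function names are made up for the example.

```shell
#!/bin/sh
# Constructed chain; every name below is made up for this example:
#   Example Root CA -> Example Intermediate CA -> server.example.test

make_chain() {    # $1 = empty working directory
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    # Self-signed root CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Example Root CA" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
    # Intermediate CA, signed by the root.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Example Intermediate CA" \
        -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null || return 1
    # Server (leaf) certificate, signed by the intermediate.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null || return 1
}

# Succeeds only if the leaf chains to a CA in the trust store given in $1.
chain_ok() {      # $1 = trust store (PEM bundle), $2 = leaf certificate
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

demo() {
    d=$(mktemp -d) || return 1
    make_chain "$d" || { rm -rf "$d"; return 1; }
    # Store 1: root only, the situation that produced the error in the thread.
    cp "$d/root.pem" "$d/store_root_only.pem"
    # Store 2: root first, then the intermediate (the order the reply gives for DCM).
    cat "$d/root.pem" "$d/int.pem" > "$d/store_full.pem"
    if chain_ok "$d/store_root_only.pem" "$d/leaf.pem"; then r1=trusted; else r1=untrusted; fi
    if chain_ok "$d/store_full.pem" "$d/leaf.pem"; then r2=trusted; else r2=untrusted; fi
    rm -rf "$d"
    echo "root-only=$r1 root+intermediate=$r2"
}

demo
```

The server certificate and its authentication check stay in place in both runs; only the contents of the trust store change.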