Re: Server authentication
Hello Ian,
Thanks for the info. We have both certificates in the DCM.
Meanwhile we've gotten the right certificates from the transport
company, and everything is working fine again. They _did_ change the
certificates, but the change was out of sequence with the server where
we thought to get the new certificates from.
I have never noticed that you have to enter the certificates in the
right sequence, but maybe we have been lucky so far.
Still, to prevent problems in the future it would still be nice if we
would not have to check the certificates at all. These things expire
regularly and therefore need maintenance.
Regards, Wilbert
On 5/23/07, ian <[1]ian@xxxxxxxxxxxxxxxxx> wrote:
I am not sure that the following info is the cause of your problem, but
it is worth stating for the group.
We use HTTPAPI to connect to a server that uses intermediate CA
certificates as well as the root CA cert. i.e. there are three certs in
the chain.
Example cert path: GTE Cyber Trust Global Root (top), Cybertrust
Sureserver CA (intermediate), the client certificate.
Up to and including OS400 Release 5.2, the DCM was happy to connect to
this server if the intermediate CA cert was not in the DCM certificate
store.
At 5.3 (& 5.4) something changed in the DCM and we got the 'Cert not
signed etc.' error message as below, which was resolved when we added
the intermediate CA to the store.
Also worth noting if you have to use intermediate certificates is that
the certificates must be entered in the correct sequence, the top
certificate must be added to the DCM before the intermediate
certificate.
Regards
Ian Patterson
-----Original Message-----
From: [2]ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:[3]ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Wilbert van der Hoeven
Sent: 23 May 2007 10:51
To: [4]ftpapi@xxxxxxxxxxxxxxxxxxxxxx
Subject: Server authentication
Hello group,
We are using an SSL connection to exchange information with a large
transport company. Recently we are experiencing difficulties with
checking the server certificate: 'Certifcate not signed by a trusted
Certificate Authority'. We think the problem is with the transport
company since our (CA) certificates are up to date and other customers
are experiencing the same problems. The transport company now proposes
to leave out the server authentication. I gather that that means that
we do not check whether the server certificate is issued by a trusted
Certificate Authority. How can we accomplish that with HTTPAPI?
Thanks, Wilbert
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
[5]http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
References
1. mailto:ian@xxxxxxxxxxxxxxxxx
2. mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
3. mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
4. mailto:ftpapi@xxxxxxxxxxxxxxxxxxxxxx
5. http://www.scottklement.com/mailman/listinfo/ftpapi
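
Added example, not part of the original messages and not HTTPAPI or DCM code: a name-only model of the three-certificate chain described in the thread. It shows which CA is missing when the store holds only the root, and the root-first order for adding CA certificates. The leaf name partner.example and the function names build_path and import_order are assumptions made for illustration.

```python
# Added example: chains certificates by subject/issuer name only.
# No signatures, dates or key usages are checked.
ROOT = "GTE Cyber Trust Global Root"        # names quoted in the thread
INTERMEDIATE = "Cybertrust Sureserver CA"
LEAF = ("partner.example", INTERMEDIATE)    # constructed server cert (subject, issuer)


def build_path(leaf, store, sent=None):
    """Follow issuer links from the leaf towards a self-signed root.

    store and sent map subject -> issuer: the local CA store and any CA
    certs the server sends. Returns (path, missing); missing is None when
    the path ends at a root held in the store, else the unresolved issuer.
    """
    known = dict(sent or {})
    known.update(store)
    subject, issuer = leaf
    path, seen = [subject], {subject}
    while issuer in known and issuer not in seen:
        path.append(issuer)
        seen.add(issuer)
        parent = known[issuer]
        if parent == issuer:                 # self-signed: end of chain
            return path, (None if issuer in store else issuer)
        issuer = parent
    return path, issuer                      # issuer absent, or a loop


def import_order(certs):
    """Order CA certs so every issuer is added before what it signed."""
    ordered, pending = [], dict(certs)
    while pending:
        ready = sorted(s for s, i in pending.items()
                       if i == s or i in ordered or i not in certs)
        if not ready:
            raise ValueError("issuer loop among %s" % sorted(pending))
        for s in ready:
            ordered.append(s)
            del pending[s]
    return ordered


if __name__ == "__main__":
    for store in ({ROOT: ROOT}, {ROOT: ROOT, INTERMEDIATE: ROOT}):
        path, missing = build_path(LEAF, store)
        print(sorted(store), "->", "trusted" if missing is None
              else "not trusted, add: " + missing)
    print("import order:", import_order({INTERMEDIATE: ROOT, ROOT: ROOT}))
```
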