× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Hi Jim,

On 2/25/2010 8:28 AM, Lowary, Jim wrote:
I can't connect thru the iSeries FTP after I enter this command:
FTP RMTSYS(*INTNETADR) INTNETADR('74.112.20.22') PORT(990) SECCNN(*SSL)

Sorry. I must've misunderstood your original message -- for some reason I thought you were the server, and someone was trying to connect to you.

Now I see that you are actually the client. That changes everything.


Connecting to remote host xxx.xxx.xxx.xxx using port 990. On the screen
and it set until it times out (actually I have to cancel it).

Hmm.. hard to know much from this. I can't tell if the connection is succeeding, and it's timing out during certificate exchange, or if the connection itself is timing out. Based on the other symptoms you posted, though, I'm guessing that they are expecting *IMPLICIT and you're not using it, and therefore it's timing out in the certificate exchange.

Started on Thursday February 25, 2010 at 07:23:AM
Connect socket #680 to xxx.xxx.xxx.xxx, port 990...
TLSv1, cipher TLSv1/SSLv3 (AES256-SHA) - 256 bit
USER uuuuuuuuuu
331 Password required for uuuuuuuuuu.
PASS **********
230 Login OK. Proceed.
SYST

This appears to be working properly. You are connecting, exchanging certificates, talking to the server and getting responses.


If in the PC client I go to their Manage menu and select SSL/SSH
Certificates and remove their "certificate" or record there of. When I
try and connect it pops up a window for me to accept their "certificate"
right after the " Connect socket #680 to xxx.xxx.xxx.xxx, port 990..."
message in the log. That is why I was saying they were sending
something.

Yes. The server *always* sends a certificate in SSL. If it didn't, it wouldn't be SSL. (I previously thought they were the client, so I gave you the wrong answer.)

You have to accept their certificate because you don't have their CA certificate installed. If you install it, you should no longer get messages like this.


If I change the SECCNN to (*IMPLICIT) which I hadn't tried before and
use this command:

FTP RMTSYS(*INTNETADR) INTNETADR('74.112.20.22') PORT(990)
SECCNN(*IMPLICIT)

Then I get:

Connecting to remote host 74.112.20.22 using port 990.
Secure connection error, return code -23.

Same problem. You need to install the CA certificate into your digital certificate manager, and tell the FTP client that it should be a trusted CA.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.