× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



PS... a lot of servers these days are using multiple CAs... the
example link posted uses one of these in it's example, so if it is
that type, you'll be good to go once you retrieve their Certificate.

Brad
www.bvstools.com

On Wed, Jan 19, 2011 at 10:08 AM, Bradley Stone <bvstone@xxxxxxxxx> wrote:
You're most likely not using client side certificates it this... 23
means normally that you aren't set up to trust the (Certificate
Authority) CA that signed the server's certificate.  Client side
certificates are few and far between.

So you need to get their certificate, export the CA, then import it
into your *SYSTEM store.

Getting the Certificate through FTP can be the tricky part...  with
web sites it's as easy and going to the URL and saving the
certificate.

But with FTP, if you can't access the FTP sign via IE to get the cert,
I've had great luck using Open SSL to retrieve certificates from non
HTTP servers (ie SMTP, POP, etc).

Here's a great tutorial Aaron Bartell put together to walk people through this.

http://rpg-xml.com/Downloads/Import_Certificate_Authority/Import_Certificate_Authority.html

The only difference in your case is you need to get the certificate
the FTP server is using.

Brad
www.bvstools.com

On Tue, Jan 18, 2011 at 3:23 PM,  <daparnin@xxxxxxxxxxxxxx> wrote:
Thanks Scott.  Yes, I was refering to a client certificate.  The CA
certificate didn't occur to me.  I'll give them a call about it in the
morning.


Dave Parnin
--
Nishikawa Standard Company
324 Morrow Street
Topeka, IN  46571
260-593-2156  ext. 621
daparnin@xxxxxxxxxxxxxx




From:   Scott Klement <midrange-l@xxxxxxxxxxxxxxxx>
To:     midrange-l@xxxxxxxxxxxx
Date:   01/18/2011 03:25 PM
Subject:        Re: FTP SSL error
Sent by:        midrange-l-bounces@xxxxxxxxxxxx



Hi Dave,

It's not physically possible to do SSL without certificates.  It's
possible without any CLIENT-SIDE certificates, which may be what you
meant... but the FTP server will always send you a server certificate
(automatically, as part of the connection) which your side will have to
validate against a CA certificate.

Error -23 means that the server certificate you received couldn't be
validated against the CA certificate.  Possibly they are using
certificates that they generated themselves, or that they got from a CA
that you don't have installed (like GoDaddy, for example.)

The solution to that problem is to install the appropriate CA certificate.

As for the "unable to connect" error... I don't have any input on that,
other than the obvious...  Either the server is down, or a firewall is
blocking you.


On 1/18/2011 1:43 PM, daparnin@xxxxxxxxxxxxxx wrote:
I need to connect to a vendor's FTP site to do a file transfer from our
i.
  We are at V5R4.  It has to be a secure transfer and they have given us
the options of SFTP or FTPs.  I'm trying FTPs by doing:

FTP RMTSYS('ftp.vendor.com') PORT(6990) SECCNN(*SSL)

When I tried it the first time I got a -23 error.  The help text
indicated
that this was a certificate problem.  We are using a user-id and
password
with no certificate.  When I try now I'm just getting "Cannot connect to
host" "try agin later".  For what it's worth, I can get connected from
my
PC using Filezilla.

I've read a few entries in the archives but didn't get any good ideas
other than finding that FTP with SSL is basically FTPs.  At least that's
my understanding.  Any ideas would be appreciated.

Dave Parnin

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.




As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.