|
You're most likely not using client side certificates it this... 23
means normally that you aren't set up to trust the (Certificate
Authority) CA that signed the server's certificate. Client side
certificates are few and far between.
So you need to get their certificate, export the CA, then import it
into your *SYSTEM store.
Getting the Certificate through FTP can be the tricky part... with
web sites it's as easy and going to the URL and saving the
certificate.
But with FTP, if you can't access the FTP sign via IE to get the cert,
I've had great luck using Open SSL to retrieve certificates from non
HTTP servers (ie SMTP, POP, etc).
Here's a great tutorial Aaron Bartell put together to walk people through this.
http://rpg-xml.com/Downloads/Import_Certificate_Authority/Import_Certificate_Authority.html
The only difference in your case is you need to get the certificate
the FTP server is using.
Brad
www.bvstools.com
On Tue, Jan 18, 2011 at 3:23 PM, <daparnin@xxxxxxxxxxxxxx> wrote:
Thanks Scott. Yes, I was refering to a client certificate. The CA
certificate didn't occur to me. I'll give them a call about it in the
morning.
Dave Parnin
--
Nishikawa Standard Company
324 Morrow Street
Topeka, IN 46571
260-593-2156 ext. 621
daparnin@xxxxxxxxxxxxxx
From: Scott Klement <midrange-l@xxxxxxxxxxxxxxxx>
To: midrange-l@xxxxxxxxxxxx
Date: 01/18/2011 03:25 PM
Subject: Re: FTP SSL error
Sent by: midrange-l-bounces@xxxxxxxxxxxx
Hi Dave,
It's not physically possible to do SSL without certificates. It's
possible without any CLIENT-SIDE certificates, which may be what you
meant... but the FTP server will always send you a server certificate
(automatically, as part of the connection) which your side will have to
validate against a CA certificate.
Error -23 means that the server certificate you received couldn't be
validated against the CA certificate. Possibly they are using
certificates that they generated themselves, or that they got from a CA
that you don't have installed (like GoDaddy, for example.)
The solution to that problem is to install the appropriate CA certificate.
As for the "unable to connect" error... I don't have any input on that,
other than the obvious... Either the server is down, or a firewall is
blocking you.
On 1/18/2011 1:43 PM, daparnin@xxxxxxxxxxxxxx wrote:
I need to connect to a vendor's FTP site to do a file transfer from ouri.
We are at V5R4. It has to be a secure transfer and they have given usindicated
the options of SFTP or FTPs. I'm trying FTPs by doing:
FTP RMTSYS('ftp.vendor.com') PORT(6990) SECCNN(*SSL)
When I tried it the first time I got a -23 error. The help text
that this was a certificate problem. We are using a user-id andpassword
with no certificate. When I try now I'm just getting "Cannot connect tomy
host" "try agin later". For what it's worth, I can get connected from
PC using Filezilla.
I've read a few entries in the archives but didn't get any good ideas
other than finding that FTP with SSL is basically FTPs. At least that's
my understanding. Any ideas would be appreciated.
Dave Parnin
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.