MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » September 2012

Re: Trying to import DCM certificate from Comodo



fixed

In http://yourAS400:2001/HTTPAdmin (I will try to translate, since my i is in spanish)
After you created a web server in the left column there is "server properties" (Propiedades del servidor)
The third item is "Virtual Hosts" (Hosts Virtuales)
That takes you to the forms to create the virtual hosts and has lots of help.
I think the whole description I read from the "Apache" manual, in the infocenter.

A less elegant way to do it is to copy the relevant statements in your httpd.conf file.


Tom Hightower wrote:

Thanks Raul - do you know of a link that shows me how to create the virtual
server?

TomH

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Raul A. Jager W.
Sent: Tuesday, September 04, 2012 5:12 PM
To: Midrange Systems Technical Discussion
Subject: Re: Trying to import DCM certificate from Comodo

You need to use the web interface to create a new server. I think the
secure one has to be virtual, or at least is what I read when I did the
configuration.

In the DCM you need to "connect" your secure server to the certificate.

Here is the main part of my httpd.conf:

# Configuration originally created by Create HTTP Server wizard on Wed Aug
01 11:11:13 GMT-04:00 2012

LoadModule ibm_ssl_module /QSYS.LIB/QHTTPSVR.LIB/QZSRVSSL.SRVPGM
Listen *:8080 http
Listen *:443 https
DocumentRoot /www/server/htdocs
TraceEnable Off
Options -ExecCGI -FollowSymLinks -SymLinksIfOwnerMatch -Includes
-IncludesNoExec -Indexes -MultiViews LogFormat ServerName i5.abc.com.py
SetEnvIf "User-Agent" "MSIE 4\.0b2;" force-response-1.0

<Directory />
Order Deny,Allow
Deny From all
</Directory>
<Directory /www/server/htdocs>
Order Allow,Deny
Allow From all
</Directory>
<VirtualHost *:443>
ServerName i5.abc.com.py
DocumentRoot /www/seguro/htdocs
Options +ExecCGI
SSLEngine On
SSLAppName QIBM_HTTP_SERVER_WSEGURO
SSLClientAuth None
SSLCacheEnable
SetEnv HTTPS_PORT 443

<Directory /www/sales/htdocs>
Order Allow,Deny
Allow From all
</Directory>

<Directory /QSYS.LIB/INTERNET.LIB>
Order Allow,Deny Allow From all Require valid-user UserID %%CLIENT%% PasswdFile %%SYSTEM%% AuthType Basic AuthName "ABC Color" SSLRequireSSL </Directory>
ScriptAliasMatch /public(.*) /QSYS.LIB/INTERNET.LIB/$1.PGM$2
Alias / /www/sales/htdocs/ </VirtualHost>




Tom Hightower wrote:


I've managed to get a 30-day certificate from RapidSSL installed in DCM without giving me an error.

Now.... can someone point me to instructions on how to set up my webserver so that:

http://idocket.com continues to work as it does now, and
https://secure2.idocket .com will bring up my secure page(s)?

The more basic the better...

Thanks,
Tom


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Tom Hightower
Sent: Tuesday, September 04, 2012 1:44 PM
To: 'Midrange Systems Technical Discussion'
Subject: RE: Trying to import DCM certificate from Comodo

Some progress, maybe: I've downloaded a test certificate from Verisign.
Upon trying to import it, I'm getting the following error:

No request key is found for the certificate. If you are trying to receive the signed certificate, you must be using the same certificate store that was used when the certificate was requested. If this is a CA certificate, you should use the function for importing a CA.

However, I *know* I've generated a request (at least a half-dozen times altready), and I can the request when I do the following:
Manage Certificates -> Delete Certificate -> Certificate Request -> Continue

The certificate type is "server or client", and it's in the *system certificate store.

I'm not sure why I can't import the test certificate; any ideas?

Tom

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Tom Hightower
Sent: Tuesday, August 28, 2012 11:03 AM
To: 'Midrange Systems Technical Discussion'
Subject: RE: Trying to import DCM certificate from Comodo

Ack. The certificate was from Verisign, not Comodo. A false assumption on my part.

But even so, it failed to install.

Certificate info:
Issued to: VeriSign Trial Secure Server CA - G2 Issued by: VeriSign Trial Secure Server Root CA - G2 Valid from: 3/31/2009 thru 3/31/2019

The certificate path shows VeriSign Trial Secure Server CA - G2 Certificate
status: The issuer of this certificate could not be found.

TomH

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Bradley Stone
Sent: Monday, August 27, 2012 4:37 PM
To: Midrange Systems Technical Discussion
Subject: Re: Trying to import DCM certificate from Comodo

There also may be more than one... they should be part of your certificate you received. Double click on it and view the certificate path. You'll see one or more CA, then the actual certificate at the bottom

of the path.

You need to import all CAs from the certificate.

Brad
www.bvstools.com

On Mon, Aug 27, 2012 at 4:13 PM, <brad.lovelady@xxxxxxxxxxxxxx> wrote:



You need to import their certificate authority first. The CA is a trusted


Entity that digitally signed your new SSL certificate. Comodo should have a way for you to download a Root and/or intermediate CA. Once those are imported to DCM, then you can install the actual SSL certificate. Once you get the CA certificates use the same functions in DCM to import except be sure to select "Certificate Authority (CA)" when you get to the wizard screen that asks for type.



***********************************
Bradford Lovelady

Operating Systems Engineer
Technology Infrastructure Services

Wells Fargo Bank l 200 Wildwood Pkwy l Birmingham, AL 35209 MAC
W2691-010 Tel 205-938-1999 l Cell 205-826-2834

brad.lovelady@xxxxxxxxxxxxxx


Wells Fargo Confidential

This message may contain confidential and/or privileged information. If


you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.



-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Tom Hightower
Sent: Monday, August 27, 2012 3:38 PM
To: Midrange Systems Technical Discussion
Subject: Trying to import DCM certificate from Comodo

I'm trying to import a test SSL certificate that our network admin received from Comodo.com, to be used as system certificate to allow us to offer
https: web services from our iSeries. I'm getting the following message:

An error occurred during certificate validation. The issuer of the certificate may not be in the certificate store or the issuer may not be enabled.

How do I add the issuer (comodo.com) into the certificate store, or enable the issuer?

Thanks!
TomH

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.



--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.




--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.







Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact