While helping a customer set up CAs on their system so that they can send
emails using Gmail they seemed to be having issues no one else was (using
our MAILTOOL software for sending emails).
Because GMail uses SSL, they must import two CAs into their *SYSTEM store
so that Google's SSL cert is trusted otherwise they get the RC(23) error
I normally provide these CAs to my customers since they're using ourt
MAILTOOL software. The root CA is normally installed on newer machines,
but the second level CA isn't ever. (It's a google certificate).
Well, they installed the CAs, and still were getting RC(23). I had them
double check all their PTFs were installed and after that things still
So I did a virtual loaner V7R1 system to see if I could recreate the
issue. But, instead I got different results that were also unexpected.
For communicating with Google this system only required the top most root
CA in the chain.. even though there are two CAs in the chain.
I even verified this by removing all CAs from the *SYSTEM store except the
top most CA in the chain that things worked. Once I removed that final CA
I would get RC(23) "not trusted" as expected.
So, one system with the proper CAs installed is still saying "not trusted",
and another system is trusting with only the root CA in the chain installed
when it shouldn't be.
Something is wacky with SSL on V7R1... just wondering if anyone has noticed
anything similar. The latter would probably be a welcome issue (although
when fixed with PTFs would cause headaches for sure since trust would no
longer be there).