The problem was the Client FTP Trust list.
On R&D we were not using a Client FTP Trust list, R&D was working.
On Production, there was a cert from another application in the FTP Client Trust list, thus because I didn't add the FD certs to the list, why it didn't work.
I made it work 2 different ways.
1) Unchecked our cert from the client FTP trust list, it worked.
2) Added FD 6_VeriSignIntermediateCAs.cer to the client FTP trust list, it worked.
I have not finalized my plan, but probably going to not use a trust list.
IBM recommends NOT to use a trust list.
Here's the note from IBM on trust list.
" When the SSL FTP client application ID is configured not to use a trust list, then root CA that issued the remote server cert must be in the *System store.
When configured to use a trust list, but there are no CAs in the trust list, then it will behave as if configured not to use a trust list.
When configured to use a populated trust list, all the CAs in the certification path must be in the *System store and in the trust list."
What is everyone else doing, trust list or no trust list?
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Bradley Stone
Sent: Sunday, January 19, 2014 9:16 AM
To: Midrange Systems Technical Discussion
Subject: Re: Secure FTP failure -23 Certificate is not signed by a trusted certificate authority.
A self-signed cert and a CA are two different animals.
A self-signed cert is a cert, but the CA is you.
On Fri, Jan 17, 2014 at 9:09 PM, Chris Bipes <chris.bipes@xxxxxxxxxxxxxxx>wrote:
You need to capture there ca cert and import it into dcm on your
Sent from my iPhone
On Jan 17, 2014, at 6:42 PM, "Ed Carp" <ecarp@xxxxxxxxxxx> wrote:
On 01/17/2014 12:31 PM, Bradley Stone wrote:
You don't have the proper Certification Authorities (CAs) installed the
machine that you are using to connect to the secure server.in
I show a couple CAs in the certificate path that should be imported.
If you think they are there, try importing them one at a time again
starting from the top level CA, down the levels to the last one.
I have some instructions that will help retrieve the CAs and import
the SSL documentation at http://docs.bvstools.com
This will also happen if someone uses a self-signed certificate. Is
there a way to ignore this warning, and use a self-signed cert?
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l