MIDRANGE dot COM Mailing List Archive




RE: Secure FTP failure -23 Certificate is not signed by a trusted certificate authority.



fixed

The problem was the Client FTP Trust list.
On R&D we were not using a Client FTP Trust list, R&D was working.
On Production, there was a cert from another application in the FTP Client Trust list, and because I didn't add the FD certs to the list, it didn't work.

I made it work 2 different ways.
1) Unchecked our cert from the client FTP trust list, it worked.
2) Added FD 6_VeriSignIntermediateCAs.cer to the client FTP trust list, it worked.

I have not finalized my plan, but probably going to not use a trust list.

IBM recommends NOT to use a trust list.
Here's the note from IBM on trust list.

"When the SSL FTP client application ID is configured not to use a trust list, then root CA that issued the remote server cert must be in the *System store.
When configured to use a trust list, but there are no CAs in the trust list, then it will behave as if configured not to use a trust list.
When configured to use a populated trust list, all the CAs in the certification path must be in the *System store and in the trust list."

What is everyone else doing, trust list or no trust list?

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Bradley Stone
Sent: Sunday, January 19, 2014 9:16 AM
To: Midrange Systems Technical Discussion
Subject: Re: Secure FTP failure -23 Certificate is not signed by a trusted certificate authority.

A self-signed cert and a CA are two different animals.

A self-signed cert is a cert, but the CA is you.


On Fri, Jan 17, 2014 at 9:09 PM, Chris Bipes <chris.bipes@xxxxxxxxxxxxxxx> wrote:

You need to capture their CA cert and import it into DCM on your iSeries

Sent from my iPhone

On Jan 17, 2014, at 6:42 PM, "Ed Carp" <ecarp@xxxxxxxxxxx> wrote:

On 01/17/2014 12:31 PM, Bradley Stone wrote:

You don't have the proper Certification Authorities (CAs) installed on the
machine that you are using to connect to the secure server.

I show a couple CAs in the certificate path that should be imported.
If you think they are there, try importing them one at a time again
starting from the top level CA, down the levels to the last one.

I have some instructions that will help retrieve the CAs and import them in
the SSL documentation at http://docs.bvstools.com

This will also happen if someone uses a self-signed certificate. Is
there a way to ignore this warning, and use a self-signed cert?


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.
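The three trust list rules in the IBM note quoted at the top of this thread can be written as a small decision function. This is an added example, not part of the original messages and not IBM's implementation; the class, function and CA names are constructed for illustration, and the certification path is assumed to be given root first.

```python
from dataclasses import dataclass, field

@dataclass
class AppDefinition:
    """Constructed model of an application ID such as the SSL FTP client."""
    use_trust_list: bool
    trust_list: set = field(default_factory=set)

def evaluate_chain(ca_path, system_store, app):
    """Apply the rules from the quoted IBM note.

    ca_path: CA names in the server's certification path, root first.
    Returns (trusted, missing), where missing holds (ca, location) pairs.
    """
    if not ca_path:
        return (False, [("<no CA in path>", "certification path")])
    missing = []
    # Rules 1 and 2: no trust list, or an empty one, checks only the root CA.
    if not app.use_trust_list or not app.trust_list:
        if ca_path[0] not in system_store:
            missing.append((ca_path[0], "*SYSTEM store"))
        return (not missing, missing)
    # Rule 3: a populated trust list requires every CA in both places.
    for ca in ca_path:
        if ca not in system_store:
            missing.append((ca, "*SYSTEM store"))
        if ca not in app.trust_list:
            missing.append((ca, "trust list"))
    return (not missing, missing)

# Constructed sample data; the CA names are placeholders.
SERVER_PATH = ["Example Root CA", "Example Intermediate CA"]
SYSTEM_STORE = {"Example Root CA", "Example Intermediate CA", "Other App CA"}

CASES = {
    "R&D (no trust list)": AppDefinition(False),
    "Production (other app's CA only)": AppDefinition(True, {"Other App CA"}),
    "Production (trust list emptied)": AppDefinition(True, set()),
    "Production (path CAs added)": AppDefinition(True, {"Other App CA", *SERVER_PATH}),
}

if __name__ == "__main__":
    for name, app in CASES.items():
        trusted, missing = evaluate_chain(SERVER_PATH, SYSTEM_STORE, app)
        print(f"{name}: {'trusted' if trusted else 'rejected'} {missing}")
```

The second case is the Production situation described above: every CA is in the *SYSTEM store, yet the connection is rejected because the populated trust list holds only another application's CA.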









This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact