× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. October 2002

Re: SSL API Question

On Fri, 25 Oct 2002, Brad Stone wrote:

> Well, right now that's not really an option.

What's not really an option?  Changing the code?   I did post suggestions
for both SSL_xxx and GSKit, right?

>
> Basically the error I'm getting is:
>
> SSL_ERROR_NOT_TRUSTED_ROOT


VeriSign has a lot of different certificate authorities, perhaps there
are some that aren't automatically installed in the digital certificate
manager?

The quickest fix to the problem would be to get the certificate authority
cert, and simply add it to the Digital Certificate Manager.

If you can't simply get the certificate authority certificate from
VeriSign, then what I've done this using the openssl command-line tool..,
You can get that from http://www.openssl.org, but you'll have to build it
from source.   If you have a BSD or Linux system, you've probably already
got it installed there.

Once you have it, you can do:

      openssl s_client -showcerts -connect www.netshare400.com:992

Would connect to Netshare400's SSL telnet server.   It shows two
certificates (found within the ---BEGIN CERTIFICATE---- and corresponding
END CERTIFICATE blocks) The second one is the certificate authority
certificate.

Then, I cut & paste that second certificate (including the BEGIN and END
lines) into a text file.   FTP that file to the IFS on your AS/400.

Go into digital certificate manager, under "System Certificates" and
then click "Receive a CA certificate".  give it some memorable name
as well as the path to the file you put in the IFS.

It will then ask which applications should trust it... and pick whatever
app id's you need.

>
> As for the gsk API toolkit, what OS release are they good
> for?
>

It's available on V4R5, but you need PTFs to enable it.
I applied these PTFs and they seemed to do the trick:

 SF64938  SF66346  SF64197  SF64936
 MF25723  MF25724  MF25725  MF25728  MF25306  MF25307  MF25309

Otherwise, V5R1 and later should have it out-of-the-box.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.