Actually the "Allow creation of user certificates" had nothing to do with it.
The problem was that I still had other PC5250 sessions open to other systems when I downloaded the certificate from this new system and configured an SSL PC5250 session.
PC5250 will NOT use any new certificates until you end ALL PC5250 sessions and then restart.

...Neil

Neil Palmer/DPS <neilp@xxxxxxxxxxx>
Sent by: midrange-l-bounces@xxxxxxxxxxxx
2004/11/15 01:59
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
cc:
Subject: Re: SSL Telnet error

Found the answer. In the Local Certificate Authority, the Policy Data has to be set to "Allow creation of user certificates" = NO.

...Neil

Neil Palmer/DPS <neilp@xxxxxxxxxxx>
Sent by: midrange-l-bounces@xxxxxxxxxxxx
2004/11/14 22:17
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
cc:
Subject: SSL Telnet error

Can't figure out what this means (I hate when they list error codes, but there appears to be nowhere to look them up):

Connecting...
Resolving SERVER.DOMAIN.COM
SERVER.DOMAIN.COM Resolved to SERVER.DOMAIN.COM (IPV4)
Creating a local socket...
Local socket is connecting to remote server/host SERVER.DOMAIN.COM using port 992...
Connected to remote server/host SERVER.DOMAIN.COM using port 992
Secure socket is connecting through TLS1.0 to remote server/host SERVER.DOMAIN.COM using port 992...
Failed connecting to secure remote server/host SERVER.DOMAIN.COM using port 992, error code 414
Disconnecting...
Disconnected.

Any clue what error code 414 is?

The QTVTELNET joblog (V5R2 target system) shows:

Message ID . . . . . . : CPDBC84
Severity . . . . . . . : 10
Message type . . . . . : Diagnostic
Date sent . . . . . . : 11/14/04
Time sent . . . . . . : 21:47:16
Message . . . . : Certificate does not have a valid format.
Cause . . . . . : If this error is received at initialization time for the Secure Sockets Layer (SSL) enabled application then the AS/400 certificate is not valid. If this error is received during handshake processing then the remote end point's certificate is not valid.

BUT - I have the certificate created & downloaded from the iSeries to the PC, it shows in the key database, THE VERIFY SSL CONNECTION in iSERIES NAVIGATOR (PROPERTIES / SECURE SOCKETS) SUCCESSFULLY VERIFIES ALL SERVERS, INCLUDING TELNET, yet I can't get the SSL PC5250 session to work. (I have configured several other iSeries systems that I can successfully establish SSL Telnet sessions to.)
And no, the Telnet Application does NOT specify "Client authentication required".

...Neil
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.