Actually the "Allow creation of user certificates" had nothing to do with it.
The problem was that I still had other PC5250 sessions open to other systems when I downloaded the certificate from this new system and configured an SSL PC5250 session.  PC5250 will NOT use any new certificates until you end ALL PC5250 sessions and then restart.

...Neil




Neil Palmer/DPS <neilp@xxxxxxxxxxx>
Sent by: midrange-l-bounces@xxxxxxxxxxxx
2004/11/15 01:59
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
cc:
Subject: Re: SSL Telnet error

Found the answer.  In the Local Certificate Authority, the Policy Data has to be set to "Allow creation of user certificates" = NO.

...Neil




Neil Palmer/DPS <neilp@xxxxxxxxxxx>
Sent by: midrange-l-bounces@xxxxxxxxxxxx
2004/11/14 22:17
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
cc:
Subject: SSL Telnet error

Can't figure out what this means (I hate when they list error codes, but 
there appears to be nowhere to look them up):
 
Connecting...
Resolving SERVER.DOMAIN.COM
SERVER.DOMAIN.COM Resolved to SERVER.DOMAIN.COM (IPV4)
Creating a local socket...
Local socket is connecting to remote server/host SERVER.DOMAIN.COM using port 992...
Connected to remote server/host SERVER.DOMAIN.COM using port 992
Secure socket is connecting through TLS1.0 to remote server/host SERVER.DOMAIN.COM using port 992...
Failed connecting to secure remote server/host SERVER.DOMAIN.COM using port 992, error code 414
Disconnecting...
Disconnected.

Any clue what error code 414 is?

The QTVTELNET joblog (V5R2 target system) shows:

Message ID . . . . . . :   CPDBC84       Severity . . . . . . . :   10
Message type . . . . . :   Diagnostic
Date sent  . . . . . . :   11/14/04      Time sent  . . . . . . : 21:47:16

Message . . . . :   Certificate does not have a valid format.
Cause . . . . . :   If this error is received at initialization time for the
  Secure Sockets Layer (SSL) enabled application then the AS/400 certificate
  is not valid.  If this error is received during handshake processing then
  the remote end point's certificate is not valid.


BUT - I have the certificate created & downloaded from the iSeries to the PC, it shows in the key database, THE VERIFY SSL CONNECTION in iSERIES NAVIGATOR (PROPERTIES / SECURE SOCKETS) SUCCESSFULLY VERIFIES ALL SERVERS, INCLUDING TELNET, yet I can't get the SSL PC5250 session to work.
(I have configured several other iSeries systems that I can successfully establish SSL Telnet sessions to).

And no, the Telnet Application does NOT specify "Client authentication 
required".

...Neil 





This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].