× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. May 2005

Re: SSL FTP from V5R2 AS/400 to BellSouth

I found sound error information for the -23. It is "CPDBC97 SSL_ERROR_NOT_TRUSTED_ROOT".

I've added two certificates to the CA trust list for the FTP server and client on my system using DCM. Anyone have any idea what I'm missing?

Here is the text for MSGID CPDBC97

Message IDs:          CPDBC97
CPDBC97
  Message . . . . :   Certificate is not signed by a trusted certificate
    authority.
  Cause . . . . . :   The Certificate Authority that signed the certificate is
    not listed as a trusted Certificate Authority (CA) on this system.  If this
    error occurs during initialization then the local supplied certificate is
    not signed by a trusted CA.  If this error occurs during handshake
    processing, the system certificate from at least one of the end points is
    not signed by a trusted CA.
  Recovery  . . . :   Either add the Certificate Authority to the list of
    trusted Certificate Authorities on both end points or obtain a certificate
    that is signed by a trusted Certificate Authority and associate it with the
    desired application system certificate.  The Digital Certificate Manager
    (DCM) can be used to create and modify certificates and to work with
    Certificate Authorities. If the application is using the
    SSL_Init_Application() Application Programming Interface (API), ensure the
    certificate with the trusted Certificate Authority has been associated with
    the application using either the DCM, or the Register Application for
    Certificate Use (OPM, QSYRGAP; ILE, QsyRegisterAppForCertUse) API. Ensure
    the key database file specified on the SSL_Init() API or associated with the
    application that is using the SSL_Init_Application() API, contains the
    certificate. If the application is using the
    gsk_attribute_set_buffer(GSK_OS400_APPLICATION_ID) API, ensure that the
    desired certificate has been associated with the application using either
    the DCM, or the Register Application for Certificate Use (OPM, QSYRGAP; ILE,
    QsyRegisterAppForCertUse) API. Ensure the key data base file specified on
    the gsk_attribute_set_buffer(GSK_KEYRING_FILE) API or associated with the
    application if using the gsk_attribute_set_buffer(GSK_OS400_APPLICATION_ID)
    API, contains the certificate(s).



Thanx, PLA


Patrick L Archibald wrote:

Hi

I am trying get files using SSL FTP from a V5R2 AS/400 to BellSouth. I
am getting a return code -23 prior to logging in. Does anyone know what return code -23 means?

I am using the following command:

STRTCPFTP RMTSYS(AICXFERTEST.BELLSOUTH.COM) SECCNN(*SSL)

Afterwards I get this:

Connecting to host AICXFERTEST.BELLSOUTH.COM at address 139.76.142.4 using port 21.

220 <<<Connect:Enterprise UNIX 2.2.00 Secure FTP>>> at aic00387 FTP server ready. Time = 12:44:18

234 AUTH TLS-C/TLS OK.


Secure connection error, return code -23.



Thanx, PLA




--
// // Patrick L Archibald
// http://www.PatrickArchibald.com
// http://www.GooseCreekRotary.org
// http://www.BeeSharp.us
// http://www.SeveredTiesROCKS.com
//



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.