Re: SSL FTP from V5R2 AS/400 to BellSouth -- MIDRANGE-L

Brad

You are correct, the AS400 is the client and BellSouth is the server. So I'll forget about ending and starting the FTP server.

They sent me a file with two certificates, which I separated into two files. The certificates had the following above them:

GeoTrust True Credential CA 2: (expires 4/13/20)

and

Equifax eBusiness CA-1 Root certificate: (expires 6/21/20)

I imported both as Certificate Authority Certificates. What should I have done?

Thanx, PLA


Brad Stone wrote:

I thought in your original post you were FTPing to a
server.. if that's the case, then the FTP server really
doesn't play a role here.  You're using the FTP client.

You said bell south sent you a certificate.  Did they send
a certificate or a CA (or both).  If they require that you
do client authentication then you'll need to assign the
cert they sent (which I assume is the one for the client
authentication) to the FTP client, not the server.

If not, and this is "simple SSL", then you should try and
find out for sure if you have the CA in the *SYSTEM store
or have the right CA assigned to the FTP client
application.

NOT TRUSTED ROOT is pretty specific of an error.  So I'd
make sure you have the CA installed properly, at least in
the system store.  If you have the cert on your PC, you
should be able to double click on it to see the hierarchy
of  authorities.

Brad

On Wed, 18 May 2005 15:19:24 -0400 Patrick L Archibald <mailinglists4pla@xxxxxxxxxxxxxxxxxxxx> wrote:

Chris

I ended and started the FTP server since making the
changes in the DCM.

Here is a summary of what I've done in the DCM:

1. Selected the certificate store of *SYSTEM

2. Keyed the password and hit Continue.

3. Manage Certificates

4. Import certificate

5. Selected Certifcate Authority and pressed Continue.

6. Keyed in the IFS file path and name containing the
certificate from BellSouth.

7. Gave it a label.

8. Manage Applications.

9. Define CA Trust List

10. Selected Server, pressed Continue (Also did this for
Client).

11. Selected OS/400 TCP/IP FTP Server, Define CA Trust
List button.

12. Checked the certificate labels for BellSouth and
pressed OK.

13. ENDTCPSVR *FTP

14. STRTCPSVR *FTP

15. Get same error.

Am I doing something wrong?

Thanx, PLA

Chris Bipes wrote:

You have to end/restart the FTP server. Did you add the

new root to the FTP

Server and Client trust list?
Chris Bipes
Information Services Director
CrossCheck, Inc.
-----Original Message----- From: Patrick L Archibald

[mailto:mailinglists4pla@xxxxxxxxxxxxxxxxxxxx] Sent: Wednesday, May 18, 2005 11:26 AM

To: Midrange Systems Technical Discussion
Subject: Re: SSL FTP from V5R2 AS/400 to BellSouth
Sean
I just ended and started the Admin http instance. I get

the same error.

Thanx, PLA

-- // // Patrick L Archibald // http://www.PatrickArchibald.com // http://www.GooseCreekRotary.org // http://www.BeeSharp.us // http://www.SeveredTiesROCKS.com //


--
This is the Midrange Systems Technical Discussion
(MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the
archives
at http://archive.midrange.com/midrange-l.

Bradley V. Stone BVS.Tools www.bvstools.com

-- // // Patrick L Archibald // http://www.PatrickArchibald.com // http://www.GooseCreekRotary.org // http://www.BeeSharp.us // http://www.SeveredTiesROCKS.com //