RE: Digitial Certificate help needed.

["Smith, Mike" <Mike_Smith@xxxxxxxxxxxxxxxx>]

I have been tried the Import into *SYSTEM, type (Server or Client).
When I do this I receive an option to key in the path and name of the
file.  This file is currently sitting on my desktop.  I have keyed this
in, but when I do I receive the following: 
Message  File does not exist. The system administrator may not have
created the file yet. Verify that the path and file name are correct. If
this is a certificate store such as *SYSTEM, you may want to refer to
the Get Started function for help. 


Michael Smith
iSeries.mySeries.


-----Original Message-----
From: Pete Helgren [mailto:Pete@xxxxxxxxxx] 
Sent: Monday, February 13, 2006 11:21 AM
To: Midrange Systems Technical Discussion
Subject: Re: Digitial Certificate help needed.


The Certificate Authority is the entity that issues certificates for 
other client side applications to use.  Verisign would be an example of 
a Certificate Authority.  However, you can set up a local certificate 
authority to issue certificates as well, the only issue is that if you 
use a local authority to issue the certificates then the client may not 
recognize the issuing certificate authority so there is a second 
certificate that is necessary to validate that the certificate authority

is "real'.  Your browser, for example, already has many certificate 
authority certificates imported into it so it can immediate;y recognize 
that the certificate issued by the authority is valid.  So, really there

are two certificates.  One that says the Certificate Authority is valid 
and a second that says, this is a valid certificate from a certificate 
authority.  In most cases when you set up certificates, you are setting 
up the second kind, especially if the certificate is from a well known 
authority.

However, this isn't what you are dealing with.  I think you are 
referring to a client side certificate so that your iSeries can 
authenticate to the the bank.  I don't know if they have a local 
certificate authority that issued that certificate or not, however, the 
FTP client at your end uses that certificate to authenticate. So I think

you have to import that client certificate into the certificate store 
which means that you will open the *SYSTEM certificate store and then 
import it in as a client certificate.  I opened the *SYSTEM certificate 
store and then went to manage certificates.  That is where I saw the 
import option.

I haven't had experience doing what you suggest but I think you should 
import the certificate into the *SYSTEM certificate store.  Not sure 
what step to take after that.

Pete Helgren


Smith, Mike wrote:

>I'm thoroughly confused.  I can't figure out what I'm supposed to be 
>using - so therefore I can't figure out how I should set this up.
>
>I need to do secure FTP to a Bank.  They have provided me with a
>Certificate(bank_test_cert.cer)    
>
>I know I need to install/import this certificate, but I'm not sure how.

>Is this a Certificate authority?
>
>Should I be selecting an existing Certificate Store- (Local Certificate

>Authority, *SYSTEM, *OBJECTSIGNING, Other)???? Or should I be creating 
>a New Certificate Store?
>
>I have tried using *SYSTEM and then importing, but I'm not sure if it 
>should be (server/Client or Certificate Authority).  I've tried both. 
>Both tell me the file doesn't exist(the .cer is sitting on my desktop)
>
>I think after I get this imported, I need to assign it to FTP(is this
>correct?)
>
>If someone is familiar with his process can they provide me the proper 
>steps.
>
>Thanks
>Michael Smith
>iSeries.mySeries.
>
>  
>