Re: Trying to import DCM certificate from Comodo -- MIDRANGE-L

You need to use the web interface to create a new server. I think the secure one has to be virtual, or at least is what I read when I did the configuration.

In the DCM you need to "connect" your secure server to the certificate.

Here is the main part of my httpd.conf:

# Configuration originally created by Create HTTP Server wizard on Wed Aug 01 11:11:13 GMT-04:00 2012

LoadModule ibm_ssl_module /QSYS.LIB/QHTTPSVR.LIB/QZSRVSSL.SRVPGM
Listen *:8080 http
Listen *:443 https
DocumentRoot /www/server/htdocs
TraceEnable Off
Options -ExecCGI -FollowSymLinks -SymLinksIfOwnerMatch -Includes -IncludesNoExec -Indexes -MultiViews
LogFormat ServerName i5.abc.com.py
SetEnvIf "User-Agent" "MSIE 4\.0b2;" force-response-1.0

<Directory />
Order Deny,Allow
Deny From all
</Directory>
<Directory /www/server/htdocs>
Order Allow,Deny
Allow From all
</Directory>
<VirtualHost *:443>
ServerName i5.abc.com.py
DocumentRoot /www/seguro/htdocs
Options +ExecCGI
SSLEngine On
SSLAppName QIBM_HTTP_SERVER_WSEGURO
SSLClientAuth None
SSLCacheEnable
SetEnv HTTPS_PORT 443

<Directory /www/sales/htdocs>
Order Allow,Deny
Allow From all
</Directory>

<Directory /QSYS.LIB/INTERNET.LIB>
Order Allow,Deny Allow From all Require valid-user UserID %%CLIENT%% PasswdFile %%SYSTEM%% AuthType Basic AuthName "ABC Color" SSLRequireSSL </Directory>
ScriptAliasMatch /public(.*) /QSYS.LIB/INTERNET.LIB/$1.PGM$2
Alias / /www/sales/htdocs/ </VirtualHost>

Tom Hightower wrote:

I've managed to get a 30-day certificate from RapidSSL installed in DCM
without giving me an error.

Now.... can someone point me to instructions on how to set up my webserver
so that:

http://idocket.com continues to work as it does now, and
https://secure2.idocket .com will bring up my secure page(s)?

The more basic the better...

Thanks,
Tom

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Tom Hightower
Sent: Tuesday, September 04, 2012 1:44 PM
To: 'Midrange Systems Technical Discussion'
Subject: RE: Trying to import DCM certificate from Comodo

Some progress, maybe: I've downloaded a test certificate from Verisign.
Upon trying to import it, I'm getting the following error:

No request key is found for the certificate. If you are trying to receive
the signed certificate, you must be using the same certificate store that
was used when the certificate was requested. If this is a CA certificate,
you should use the function for importing a CA.

However, I *know* I've generated a request (at least a half-dozen times
altready), and I can the request when I do the following:
Manage Certificates -> Delete Certificate -> Certificate Request -> Continue

The certificate type is "server or client", and it's in the *system
certificate store.

I'm not sure why I can't import the test certificate; any ideas?

Tom

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Tom Hightower
Sent: Tuesday, August 28, 2012 11:03 AM
To: 'Midrange Systems Technical Discussion'
Subject: RE: Trying to import DCM certificate from Comodo

Ack. The certificate was from Verisign, not Comodo. A false assumption on
my part.

But even so, it failed to install.

Certificate info:
Issued to: VeriSign Trial Secure Server CA - G2 Issued by: VeriSign Trial
Secure Server Root CA - G2 Valid from: 3/31/2009 thru 3/31/2019

The certificate path shows VeriSign Trial Secure Server CA - G2 Certificate
status: The issuer of this certificate could not be found.

TomH

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Bradley Stone
Sent: Monday, August 27, 2012 4:37 PM
To: Midrange Systems Technical Discussion
Subject: Re: Trying to import DCM certificate from Comodo

There also may be more than one... they should be part of your certificate
you received. Double click on it and view the certificate path. You'll see
one or more CA, then the actual certificate at the bottom of the path.

You need to import all CAs from the certificate.

Brad
www.bvstools.com

On Mon, Aug 27, 2012 at 4:13 PM, <brad.lovelady@xxxxxxxxxxxxxx> wrote:

You need to import their certificate authority first. The CA is a trusted

Entity that digitally signed your new SSL certificate. Comodo should have a
way for you to download a Root and/or intermediate CA. Once those are
imported to DCM, then you can install the actual SSL certificate. Once you
get the CA certificates use the same functions in DCM to import except be
sure to select "Certificate Authority (CA)" when you get to the wizard
screen that asks for type.

***********************************
Bradford Lovelady

Operating Systems Engineer
Technology Infrastructure Services

Wells Fargo Bank l 200 Wildwood Pkwy l Birmingham, AL 35209 MAC
W2691-010 Tel 205-938-1999 l Cell 205-826-2834

brad.lovelady@xxxxxxxxxxxxxx

Wells Fargo Confidential

This message may contain confidential and/or privileged information. If

you are not the addressee or authorized to receive this for the addressee,
you must not use, copy, disclose, or take any action based on this message
or any information herein. If you have received this message in error,
please advise the sender immediately by reply e-mail and delete this
message. Thank you for your cooperation.

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Tom Hightower
Sent: Monday, August 27, 2012 3:38 PM
To: Midrange Systems Technical Discussion
Subject: Trying to import DCM certificate from Comodo

I'm trying to import a test SSL certificate that our network admin received from Comodo.com, to be used as system certificate to allow us to offer
https: web services from our iSeries. I'm getting the following message:

An error occurred during certificate validation. The issuer of the certificate may not be in the certificate store or the issuer may not be enabled.

How do I add the issuer (comodo.com) into the certificate store, or enable the issuer?

Thanks!
TomH

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.