|
The problem was the Client FTP Trust list.
On R&D we were not using a Client FTP Trust list, R&D was working.
On Production, there was a cert from another application in the FTP Client
Trust list, thus because I didn't add the FD certs to the list, why it
didn't work.
I made it work 2 different ways.
1) Unchecked our cert from the client FTP trust list, it worked.
2) Added FD 6_VeriSignIntermediateCAs.cer to the client FTP trust list, it
worked.
I have not finalized my plan, but probably going to not use a trust list.
IBM recommends NOT to use a trust list.
Here's the note from IBM on trust list.
" When the SSL FTP client application ID is configured not to use a trust
list, then root CA that issued the remote server cert must be in the
*System store.
When configured to use a trust list, but there are no CAs in the trust
list, then it will behave as if configured not to use a trust list.
When configured to use a populated trust list, all the CAs in the
certification path must be in the *System store and in the trust list."
What is everyone else doing, trust list or no trust list?
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:
midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Bradley Stone
Sent: Sunday, January 19, 2014 9:16 AM
To: Midrange Systems Technical Discussion
Subject: Re: Secure FTP failure -23 Certificate is not signed by a trusted
certificate authority.
A self-signed cert and a CA are two different animals.
A self-signed cert is a cert, but the CA is you.
On Fri, Jan 17, 2014 at 9:09 PM, Chris Bipes <chris.bipes@xxxxxxxxxxxxxxx
wrote:
You need to capture there ca cert and import it into dcm on your--
iseries
Sent from my iPhone
On Jan 17, 2014, at 6:42 PM, "Ed Carp" <ecarp@xxxxxxxxxxx> wrote:
On 01/17/2014 12:31 PM, Bradley Stone wrote:
You don't have the proper Certification Authorities (CAs) installedthe
on
machine that you are using to connect to the secure server.in
I show a couple CAs in the certificate path that should be imported.
If you think they are there, try importing them one at a time again
starting from the top level CA, down the levels to the last one.
I have some instructions that will help retrieve the CAs and import
them
the SSL documentation at http://docs.bvstools.com
This will also happen if someone uses a self-signed certificate. Is
there a way to ignore this warning, and use a self-signed cert?
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
