Yes, the services are running on the 400.
Thanks
TomH
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Jacob Banda
Sent: Tuesday, March 2, 2021 12:20 PM
To: midrange-l@xxxxxxxxxxxxxxxxxx
Subject: Re: How do I import .crt certificate that was generated by csr on another system?
Great!
It looks like you can use the *.pfx file to import the entire chain and private key. Just place that file on your IFS and follow the import steps in the IBM article I mentioned earlier. You'll be prompted to enter the password, and I'm guessing the password is in the "pfx-password.txt" file.
The PFX file *should* have the entire chain, with root and intermediate signer certificates, so you should be able to knock out those imports as well.
On a side note, you mentioned that they want you to tie it to three services. Are these services hosted/running on your 400?
-----------------------------------------
Jacob Banda
-----------------------------------------
-----Original Message-----
date: Tue, 2 Mar 2021 17:28:19 +0000
from: Tom Hightower <tomh@xxxxxxxxxxx>
subject: RE: How do I import .crt certificate that was generated by
csr on another system?
I've asked for and they've provided a zip with several files, including:
cert-req.txt
pfx-password.txt
star_company_com.cer
star_company_com.jks
star_company_com.crt
star_company_com.pfx
They want me to tie the cert to their SSL web server, their non-SSL web server and FTP (those are already secured with a soon-to-expire cert)
Blessings
TomH
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Jacob Banda
Sent: Monday, March 1, 2021 5:32 PM
To: midrange-l@xxxxxxxxxxxxxxxxxx
Subject: Re: How do I import .crt certificate that was generated by csr on another system?
I THINK this is what you're looking for:
https://www.ibm.com/support/pages/how-import-certificates-p12-or-pfx-extensi
ons
First question: is the file password protected?
Second question: did they give you the private key?
Third question: what exactly does your netadmin mean by "tie it to their secure website"? Are you hosting a webserver on your 400 for employee access?
What Brad mentioned is how I've done it as well. But the details of what exactly they gave you will help a bit more. Typically if you're going to import SSL certificates, you'll import the whole chain including the private key bundled in the PKCS12 format (which should be password protected). Since you didn't generate the CSR, you don't have the private key on your 400, and hence you can't use just the wildcard public certificate for enabling SSL on your 400 apps. You'd need the private key from the machine that generated the CSR as well.
The only other alternative I can think of is that they intended to give you the Signer (Root) Certificate of their wildcard cert, so that way you could import it in DCM and then your 400 would trust their site(s).
Have you tried double clicking the file on a Windows machine to see what metadata comes back, or opening it in notepad?
-----------------------------------------
Jacob Banda
-----------------------------------------
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit:
https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.
Help support midrange.com by shopping at amazon.com with our affiliate link:
https://amazon.midrange.com
midrange.com
