× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Maybe it pertains to the way your transferring the file (p7b) is binary.

https://www.ibm.com/support/pages/asn1-encodingdecoding-error-occurred



On Fri, Jun 4, 2021 at 11:36 PM Laurence Chiu <lchiu7@xxxxxxxxx> wrote:

Our organisation uses a combination of its own Certificate Management (for
internal servers) and external for web sites etc.

I am trying to create a SSL connection between an IBMi 7.3 system and a
Wintel server.

Our internal CA system uses the following process
1. Use an online form to request the cert (provide DNS, OU, ORG etc.)
2. System spits back a unique reference number
3. Use this reference number to create a CSR using the Windows certreq
command referencing a small inf file with the reference number
4. The output will be a CSR
5. Sign this CSR using an online portal providing the reference number and
a text reference which will then spit out a CER file

Trouble DCM does not know what to do this. Loading it into DCM produces an
error message

https://www.ibm.com/support/pages/asn1-encodingdecoding-error-occurred

An asn.1 encoding/decoding error occurred

So I load the cert into Chrome and output the cert in p7b format and
transfer that to the IBMi box. When I try to load that I get an error about
there was no corresponding request found to match this certificate. I guess
that means no CSR was created to sign.

Our certificate folks tell me that the IBMi system(DCM), of which they
don't know much about at all, has to use the reference number created in 2.
above to insert into the CSR. But when I look at creating a CSR in DCM
there is no reference number field. Just fields for Name, OU, City, State
etc. so I am stuck.

I do have access to our internal CA Certificate and Root Certificate.
Should I load those into DCM and just create and self-sign the cert (if I
can actually do that) before sending a copy to the Wintel box?

Thanks for any advice
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.