I've been trying to assign a .pfx certificate (*.thedomain.com) to the FTP server and to a web server on the same IBM i (it will be serving a website). That same certificate is used on various Windows servers, and another IBM i (which is being deprecated). I have the .pfx imported to the new IBM i but (was) unable to assign it to the FTP server or to the web server. I have two expired CA certificates on the new IBM i which (I'm guessing) need to be updated/deleted.
The network guys gave me another CA certificate (USERTrustRSAAAACA.crt, which I've imported; not sure where it came from); now I can assign the .pfx certificate to the FTP and web server.
TomH
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Rob Williams via MIDRANGE-L
Sent: Tuesday, March 29, 2022 11:41 PM
To: midrange-l@xxxxxxxxxxxxxxxxxx
Cc: Rob Williams <qpgmr400@xxxxxxxxxxxxxxx>
Subject: Re: having trouble assigning certificate to app
Tom,
In your original post you said "I have a multi-server certificate that I'm trying to assign to a web server on the i." Are you really trying to install a server certificate? Or just a CA Certificate?
Will the IBM i be the web server or will the IBM i be consuming a web service on another server?
From what I read if you're trying to install a Server Certificate, there should also be a .key file that goes along with the .crt file. The .key file is the private key and would be required for a Server Certificate.
If the Network Team only gave you the .crt file, my guess is they are not asking you to install a Server Certificate. It sounds unusual to install the same server certificate on multiple systems (especially different platforms like Windows and IBM i).
I think it would be best to confirm the type of certificate you are trying to install before any more troubleshooting on the IBM i.
I would also ask the Network Team for the entire certificate chain (CA and root) with each certificate in a separate file and in a .cer format. This would be extremely helpful regardless of the answer to the above question.
Rob
------------------------------
message: 3
date: Tue, 29 Mar 2022 22:08:09 +0000
from: Tom Hightower <tomh@xxxxxxxxxxx>
subject: RE: having trouble assigning certificate to app
That could be, I have these two expired:
- USERTrustRSAAddTrustCA.crt expired 5/30/2020
- AddTrustExternalCARoot.crt expired 5/30/2020
Apparently those have been on our various AS400 -> i systems for *years*.
I'll check with network guys to see if they can provide updated certificates. If they don't have them, is there somewhere they can be downloaded?
TomH
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Rob Williams via MIDRANGE-L
Sent: Tuesday, March 29, 2022 9:50 AM
To: midrange-l@xxxxxxxxxxxxxxxxxx
Cc: Rob Williams <qpgmr400@xxxxxxxxxxxxxxx>
Subject: RE: having trouble assigning certificate to app
I have seen that exact message and situation once before and the cause was one of the CA Certificates (or Root Certificate) in the chain had expired.
You can use the following query to view the certificates in your certificate store.
    SELECT CERTIFICATE_LABEL as CERT_LABEL,
           VALIDITY_START, VALIDITY_END,
           SUBJECT_COMMON_NAME as SUBJECT_CN,
           ISSUER_COMMON_NAME as ISSUER_CN
    FROM TABLE(QSYS2.CERTIFICATE_INFO(CERTIFICATE_STORE_PASSWORD=> '*NOPWD'))
Rob
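
Added example, not part of the original thread: a variation on the query above that pairs each certificate in the store with any certificate whose subject matches its issuer, and flags an expired or missing issuer (the cause described in this thread). It assumes the same store and '*NOPWD' setup as the query above; matching on common name alone is an approximation of real chain building, and the CERTS and CHAIN_STATUS names are made up for this example.

```sql
-- Added example: list each certificate next to its candidate issuer(s)
-- and flag the condition that blocks assignment (expired or absent CA).
-- Assumption: issuer/subject are matched by common name only; a store
-- holding two CAs with the same CN (e.g. an old cross-signed copy and a
-- current one) produces one row per candidate, which is intentional.
WITH CERTS AS (
  SELECT CERTIFICATE_LABEL,
         VALIDITY_START,
         VALIDITY_END,
         SUBJECT_COMMON_NAME,
         ISSUER_COMMON_NAME
  FROM TABLE(QSYS2.CERTIFICATE_INFO(CERTIFICATE_STORE_PASSWORD => '*NOPWD'))
)
SELECT C.CERTIFICATE_LABEL   AS CERT_LABEL,
       C.SUBJECT_COMMON_NAME AS SUBJECT_CN,
       C.VALIDITY_END        AS CERT_END,
       C.ISSUER_COMMON_NAME  AS ISSUER_CN,
       I.CERTIFICATE_LABEL   AS ISSUER_LABEL,
       I.VALIDITY_END        AS ISSUER_END,
       CASE
         WHEN C.VALIDITY_END < CURRENT TIMESTAMP THEN 'CERT EXPIRED'
         WHEN I.CERTIFICATE_LABEL IS NULL        THEN 'ISSUER NOT IN STORE'
         WHEN I.VALIDITY_END < CURRENT TIMESTAMP THEN 'ISSUER EXPIRED'
         ELSE 'OK'
       END                   AS CHAIN_STATUS
FROM CERTS C
LEFT JOIN CERTS I
       ON I.SUBJECT_COMMON_NAME = C.ISSUER_COMMON_NAME
ORDER BY CHAIN_STATUS, C.VALIDITY_END;
```

A self-signed root joins to itself, so its row reports its own expiry. A server certificate that shows both an 'ISSUER EXPIRED' row and an 'OK' row has an old and a current CA with the same name in the store.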