× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



I've been trying to assign a .pfx certificate (*.thedomain.com) to the FTP server and to a web server on the same IBM i (it will be serving a website). That same certificate is used on various Windows servers, and another IBM i (which is being deprecated). I have the .pfx imported to the new IBM i but (was) unable to assign it to the FTP server or to the web server. I have two expired CA certificates on the new IBM i which (I'm guessing) need to be updated/deleted.

The network guys gave me another CA certificate (USERTrustRSAAAACA.crt, which I've imported; not sure where it came from); now I can assign the .pfx certificate to the FTP and web server.

TomH

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Rob Williams via MIDRANGE-L
Sent: Tuesday, March 29, 2022 11:41 PM
To: midrange-l@xxxxxxxxxxxxxxxxxx
Cc: Rob Williams <qpgmr400@xxxxxxxxxxxxxxx>
Subject: Re: having trouble assigning certificate to app

Tom,

In your original post you said "I have a multi-server certificate that I'm trying to assign to a web server on the i." Are you really trying to install a server certificate? Or just a CA Certificate?

Will the IBM I be the web server or will the IBM I be consuming a web service on another server?

From what I read if you're trying to install a Server Certificate, there should also be a .key file that goes along with the .crt file. The .key file is the private key and would be required for a Server Certificate.

If the Network Team only gave you the .crt file, my guess is they are not asking you to install a Server Certificate. It sounds unusual to install the same server certificate on multiple systems. (especially different platform like Windows and IBM i)

I think it would be best to confirm the type of certificate you are trying to install before any more troubleshooting on the IBM i.

I would also ask the Network Team for the entire certificate chain (ca and
root) with each certificate in a separate file and in a .cer format. This would be extremely helpful regardless of the answer to the above question.

Rob

------------------------------

message: 3
date: Tue, 29 Mar 2022 22:08:09 +0000
from: Tom Hightower <tomh@xxxxxxxxxxx>
subject: RE: having trouble assigning certificate to app

That could be, I have these two expired:

-USERTrustRSAAddTrustCA.crt expired 5/30/2020 -AddTrustExternalCARoot.crt expired 5/30/2020

Apparently those have been on our various AS400 -> i systems for *years*.

I'll check with network guys to see if they can provide updated certificates. If they don't have them, is there somewhere they can be downloaded?

TomH

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Rob Williams via MIDRANGE-L
Sent: Tuesday, March 29, 2022 9:50 AM
To: midrange-l@xxxxxxxxxxxxxxxxxx
Cc: Rob Williams <qpgmr400@xxxxxxxxxxxxxxx>
Subject: RE: having trouble assigning certificate to app

I have seen that exact message and situation once before and the cause was one of the CA Certificates (or Root Certificate) in the chain had expired.

You can use the following query to view the certificates in your certificate store.

SELECT CERTIFICATE_LABEL as CERT_LABEL,
VALIDITY_START, VALIDITY_END,
SUBJECT_COMMON_NAME as SUBJECT_CN,
ISSUER_COMMON_NAME as ISSUER_CN
FROM TABLE(QSYS2.CERTIFICATE_INFO(CERTIFICATE_STORE_PASSWORD=>
'*NOPWD'))

Rob

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.midrange.com%2Fmailman%2Flistinfo%2Fmidrange-l&amp;data=04%7C01%7Ctomh%40idocket.com%7C351a6fd6e2ec46c7c4a508da12077919%7Ccfcc5bb848014360aa721ecceeb7d0b3%7C0%7C0%7C637842120604372933%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=tIlWMSJ4v%2BJQHrhng%2F3Mzc7Kdz6RtyYtYrHeofQJw9s%3D&amp;reserved=0
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Farchive.midrange.com%2Fmidrange-l&amp;data=04%7C01%7Ctomh%40idocket.com%7C351a6fd6e2ec46c7c4a508da12077919%7Ccfcc5bb848014360aa721ecceeb7d0b3%7C0%7C0%7C637842120604372933%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=%2B%2B%2BK8GMtjo%2F6BFsmOu6Wg9x22Rc%2FodNzLIk0JQRWiGs%3D&amp;reserved=0.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Famazon.midrange.com%2F&amp;data=04%7C01%7Ctomh%40idocket.com%7C351a6fd6e2ec46c7c4a508da12077919%7Ccfcc5bb848014360aa721ecceeb7d0b3%7C0%7C0%7C637842120604372933%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=97IwMmxgl9rh7BqGJvdvF81rzkmzTQg0Rl3avyetE0I%3D&amp;reserved=0

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.