× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. April 2022

RE: CA Certificates

Thanks!

The CA I'm working with is Let's Encrypt!

Just to be clear... this is for the IBM i as the CLIENT, not the server.
Our external FTP server is hosted somewhere in the fog (I mean cloud), and is using Let's Encrypt to auto-renew the certificate before it expires every 90 days (it has yet to work). I just need the IBM i to accept the new cert from within the FTP client.

I have the root certificates installed and enabled, but they expire in 2025.

Greg

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Pete Helgren
Sent: Monday, April 4, 2022 5:55 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: CA Certificates

Timely!

Been corresponding with some DCM friends at IBM today.   Right now there
isn't a way through DCM to automatically renew certificates.  However,
if you have a manual method of reminding you to renew and then renew the
certificate manually, you can use the "renew" feature in the old DCM to
renew the certificate.  The easiest way, for me at least, is to continue
to use the original CSR that DCM generated when you requested the
certificate in the first place.  Renewing every time with the same CSR
allows you to just take the "renew" option in the old DCM and point to
where in the IFS the renewed certificate resides.

In the new DCM, if you are using the same CSR, you take the "import"
option (not the renew option on the "View Certificate" page) and just
import the renewed certificate.  Again, the caveat is that you are using
the original CSR for the certificate. Remember that IF you want generate
a NEW CSR, then you add one renewal step of first generating and copying
in the CSR and then requesting the renewal on the cert (all manual) and
then import the certificate (in the new DCM) or use the "Renew" step in
the old DCM.

There are semi-automated methods using LetEncrypt or other ACME based
clients as well.  Jesse Gorzinski has a project in github:
https://github.com/ThePrez/DCM-tools  ; There are also some PASE
utilities that can leverage LetEncrypt.  I am trying to complete a
project that makes the renewal fully automatic in DCM.   Just have to
sort out my  issues with the renewal API.....


Pete Helgren
www.petesworkshop.com
GIAC Secure Software Programmer-Java
AWS Certified Cloud Practitioner
Microsoft Certified: Azure Fundamentals
Twitter - Sys_i_Geek IBM_i_Geek

On 4/4/2022 2:41 PM, Greg Wilburn wrote:
Just wondering the best/easiest way to handle keeping CA certificates renewed/current.

I thought in the old DCM there was a way to auto-renew, or at least click a button to renew the CA?

[Logo]<https://www.totalbizfulfillment.com/> Greg Wilburn
Director of IT
301.895.3792 ext. 1231
301.895.3895 direct
gwilburn@xxxxxxxxxxxxxxxxxxxxxxx<mailto:gwilburn@xxxxxxxxxxxxxxxxxxxxxxx>
1 Corporate Dr
Grantsville, MD 21536
www.totalbizfulfillment.com<http://www.totalbizfulfillment.com>

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.