My guess is that at some point, maybe already, IBM will have the LE
roots installed and maintained by them as they do other well-known CA
So, if the renewal is "automatic" and you FTP back to IBM i, then all
you need to do is to point to the IFS location and use "renew"
manually in the old DCM. At some point, I am going to get the DCM API
working and will share the implementation, as well as use it in my
servlet and update Jesse's repo. Then you might be able to leverage
it in a script to automate the whole tamale.
In my particular case, I have a few wildcard certs so have to use the
DNS-01 Challenge type to renew. I have automated that step of
generating the TXT record in GoDaddy as well. Just need to get that
"import/renew" feature of the DCM API figured out.
You said: "I just need the IBM i to accept the new cert from within
the FTP client." I am not sure what your expectation is with that
statement. There are only two ways I can think of to get a new
certificate updated in DCM: The manual method of using the DCM UI to
select and import the file. Or, using the DCM API to directly import
the file (which I am try to get to work). How are you updating DCM
GIAC Secure Software Programmer-Java
AWS Certified Cloud Practitioner
Microsoft Certified: Azure Fundamentals
Twitter - Sys_i_Geek IBM_i_Geek
On 4/5/2022 8:58 AM, Greg Wilburn wrote:
The CA I'm working with is Let's Encrypt!
Just to be clear... this is for the IBM i as the CLIENT, not the server.
Our external FTP server is hosted somewhere in the fog (I mean
cloud), and is using Let's Encrypt to auto-renew the certificate
before it expires every 90 days (it has yet to work). I just need
the IBM i to accept the new cert from within the FTP client.
I have the root certificates installed and enabled, but they expire
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.