× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. March 2024

Re: TLS/SSL Certificate update for IBM i ODBC

That's because normally systems come installed with common CAs.

It's not the cert you need to import on the client, it's the CA(s).

On Fri, Mar 1, 2024 at 3:05 PM Richard Schoen <richard@xxxxxxxxxxxxxxxxx>
wrote:

Actually I'm not sure that's true.

When I was using a self-signed certificate I had to do that.

Once I changed my IBMi SSL to use my GoDaddy certificate the problem
magically disappeared for me.

Regards,
Richard Schoen
Web: http://www.richardschoen.net
Email: richard@xxxxxxxxxxxxxxxxx

------------------------------

message: 3
date: Fri, 1 Mar 2024 13:04:51 -0600
from: Justin Taylor <jtaylor.0ab@xxxxxxxxx>
subject: Re: TLS/SSL Certificate update for IBM i ODBC

Yes. AFAIK, you have to intsall the cert on every ODBC client whenever
the cert changes. Why does ODBC require it, when 5250 and Apache don't?
That's a good question, and I'd love to know the answer.



date: Fri, 1 Mar 2024 14:50:22 +0000
from: "Sizer, Joseph via MIDRANGE-L" <midrange-l@xxxxxxxxxxxxxxxxxx>
subject: TLS/SSL Certificate update for IBM i ODBC

Each year I use Digital Certificate Manager (DCM) to import my new SSL
cert. My root and CA cert are still good. I then assign the new SSL
cert to the applications that require them based on what last year's
cert was assigned to. I then verify that telnet, IBM i HTTP servers,
etc. are all using the new SSL cert.

This year, a client PC that uses a System DSN 64-bit ODBC connection
to the IBM I for a Microsoft Word mail merge, generated an error that
defined the SSL cert as not being trusted. I am using ODBC driver IBM
I Access ODBC Driver version 13.64.27.00 and ACS version 1.1.9.4.

The error message generated when testing the connection is:
Data link error: Test connection failed because of an error in
initializing provider. IBM System I Access ODBC Driver Communication
link failure. Comm rc-25414 - CWBCO1050 - The IBM I server
application certificate is not trusted.

Changing the ODBC driver configuration to Non-SSL allows the mail
merge to work (Configure / Connection Options / Security - Do not user
Secured Sockets Layer (SSL)

Telnet (ACS) does not require any update at the PC client level. Is
anyone aware of a requirement where a PC client ODBC connect must run
an update for a new SSL cert? I would like to switch the connection
back to SSL.

Thanks.


Joe Sizer
IBM I Power Systems Administrator
Pencor Digital Services



--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.