× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Well, I dismantled my 515 V5R4 box about a year ago... wish I could help
more. (My Power 8 is now obsolete too and on V7R4.. it's sad.. it has so
much life left in it!)

It may be that SSL on V5R4 isn't worth it anyhow. so much has changed
since then.

On Fri, May 10, 2024 at 9:56 AM Ed Guevara via MIDRANGE-L <
midrange-l@xxxxxxxxxxxxxxxxxx> wrote:

No joy, same error. I am starting to think something is messed up either
at the DCM LPP or OS level.
I went to a 7.1 LPAR, created *SYSTEM from scratch, worked fine. It added
3 Verisign CAs, validated them, all good. (They won't expire until 2028). I
then saved '/QIBM/UserData/ICSS/Cert' specifying 5.4 as the target release.
I restored it on the 5.4 box, *SYSTEM is now there with the 3 Verisign CAs,
tried to validate them, same error. I know for a fact those CAs are valid.
No matter what I try to do in the 5.4 box it throws the same error.
I'll keep at it for a while, thanks for the suggestions.
Ed


On Friday, May 10, 2024 at 07:34:34 AM PDT, Ed Guevara <
exguevar@xxxxxxxxx> wrote:

Have not tried, I will do that.
Thanks!
On Friday, May 10, 2024 at 07:27:11 AM PDT, Brad Stone <
bvstone@xxxxxxxxx> wrote:

Not sure... but have you tried creating a different store instead? Maybe
that will work at it will be just empty and you can use that one instead of
the *SYSTEM store (as long as your applications allow you to specify a
different store).


On Fri, May 10, 2024 at 9:03 AM Ed Guevara via MIDRANGE-L <
midrange-l@xxxxxxxxxxxxxxxxxx> wrote:

Yes, I have tried the option to create a cert and throws the same error.
That is a good thought on the IBM supplied CAs.. I wonder if there is a
way to wipe them out.
Thanks,
Ed
On Friday, May 10, 2024 at 06:58:11 AM PDT, Brad Stone <
bvstone@xxxxxxxxx> wrote:

Does that error happen right after you select "no, don't create a
certificate in the certificate store"?

Seems weird, but I know old DCM had issues with expired CAs/Certs so if
it's trying to populate the *SYSTEM store with expired CAs (they would be
the ones that IBM supplied and the versions you have are no doubt
expired)
that could be the issue.

Expired CAs and certs cause havoc for SSL applications and probably DCM
itself.

On Fri, May 10, 2024 at 8:53 AM Ed Guevara via MIDRANGE-L <
midrange-l@xxxxxxxxxxxxxxxxxx> wrote:

Hi,
I have an old 520 running V5R4 at home as a lab. I want to play around
with SSL, SFTP, HTTPS etc.
When attempting to create the *SYSTEM cert store I am getting this
error:
"An error occurred during certificate validation. The issuer of the
certificate may not be in the certificate store or the issuer may not
be
in
the certificate store or the issuer may not be enabled"
I am familiar with this error, it usually means that root or
intermediary
certificates are missing, but in this case there are no certificates to
validate, just trying to create the cert store. I am taking "No" when
asked
if I want to create a certificate.
Any ideas?
Thanks in advance.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related
questions.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.