|
No joy, same error. I am starting to think something is messed up either
at the DCM LPP or OS level.
I went to a 7.1 LPAR, created *SYSTEM from scratch, worked fine. It added
3 Verisign CAs, validated them, all good. (They won't expire until 2028). I
then saved '/QIBM/UserData/ICSS/Cert' specifying 5.4 as the target release.
I restored it on the 5.4 box, *SYSTEM is now there with the 3 Verisign CAs,
tried to validate them, same error. I know for a fact those CAs are valid.
No matter what I try to do in the 5.4 box it throws the same error.
I'll keep at it for a while, thanks for the suggestions.
Ed
On Friday, May 10, 2024 at 07:34:34 AM PDT, Ed Guevara <
exguevar@xxxxxxxxx> wrote:
Have not tried, I will do that.
Thanks!
On Friday, May 10, 2024 at 07:27:11 AM PDT, Brad Stone <
bvstone@xxxxxxxxx> wrote:
Not sure... but have you tried creating a different store instead? Maybe
that will work at it will be just empty and you can use that one instead of
the *SYSTEM store (as long as your applications allow you to specify a
different store).
On Fri, May 10, 2024 at 9:03 AM Ed Guevara via MIDRANGE-L <
midrange-l@xxxxxxxxxxxxxxxxxx> wrote:
Yes, I have tried the option to create a cert and throws the same error.expired)
That is a good thought on the IBM supplied CAs.. I wonder if there is a
way to wipe them out.
Thanks,
Ed
On Friday, May 10, 2024 at 06:58:11 AM PDT, Brad Stone <
bvstone@xxxxxxxxx> wrote:
Does that error happen right after you select "no, don't create a
certificate in the certificate store"?
Seems weird, but I know old DCM had issues with expired CAs/Certs so if
it's trying to populate the *SYSTEM store with expired CAs (they would be
the ones that IBM supplied and the versions you have are no doubt
that could be the issue.error:
Expired CAs and certs cause havoc for SSL applications and probably DCM
itself.
On Fri, May 10, 2024 at 8:53 AM Ed Guevara via MIDRANGE-L <
midrange-l@xxxxxxxxxxxxxxxxxx> wrote:
Hi,
I have an old 520 running V5R4 at home as a lab. I want to play around
with SSL, SFTP, HTTPS etc.
When attempting to create the *SYSTEM cert store I am getting this
be"An error occurred during certificate validation. The issuer of the
certificate may not be in the certificate store or the issuer may not
inintermediary
the certificate store or the issuer may not be enabled"
I am familiar with this error, it usually means that root or
relatedcertificates are missing, but in this case there are no certificates toasked
validate, just trying to create the cert store. I am taking "No" when
if I want to create a certificate.list
Any ideas?
Thanks in advance.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
listquestions.--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxxlist
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx--
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
