Pete,
Thank you… I think that is exactly what’s happening (they confirmed as much) and I’m going to make them fix it.
Jack,
Thank you so much for the explanation. That helped me understand it much better.
Brad – I get what you’re saying. I was so frustrated, I simply recompiled my CL to no longer user SECCNN(*SSL). That fixed my immediate problem, LOL. I explained that to IBM… asked them if that’s what they want users doing?
In my case, I had no choice but to correct the issue immediately. A few hours later, I was able to revert.
You all are the best!
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Pete Helgren
Sent: Tuesday, March 31, 2026 3:30 PM
To: midrange-l@xxxxxxxxxxxxxxxxxx
Subject: Re: Secure connection error, return code 6000 (FTP)
EXTERNAL EMAIL - This email was sent by a person from outside your organization. Exercise caution when clicking links, opening attachments or taking further action, before validating its authenticity.
Greg,
The issue might be that the third party isn't using the full letsencrypt
certificate OR the ftp server isn't configured to use the full chain.
My Letsencrypt certs all have the intermediates included so either the
3rd party FTP server isn't configured correctly, or pulling the full
chain isn't supported or they are "peeling off" just the certificate
part of fullchain.pem AFAIK, Letsencrypt always included the full chain
in fullchain.pem which is the standard file delivered by Letsencrypt.
All you need is the root.
Pete Helgren
https://protect.checkpoint.com/v2/r01/___www.petesworkshop.com___.YzJ1OnRvdGFsYml6ZnVsZmlsbG1lbnQxOmM6bzozOGZlM2EwYjRiYmY1MDY2YTlmNWIyNTUxNDYyMTNjMzo3OmRhZmQ6ZGI1ZDlhMGFhOTkzMmQ2NDgxZGYzZTIyY2UyODZhNmU5MzU5Yjc3OTkwNmJiYTNjM2QwYzA5NTNmMDQwZDI3YTpwOlQ6Rg
CISSP - MSCM
GIAC Cloud Penetration Tester
AWS Certified Cloud Practitioner
Microsoft Certified: Azure Fundamentals
On 3/31/2026 10:59 AM, Jack Woehr via MIDRANGE-L wrote:
Gemini types faster than I do.
In a standard TLS handshake, the server is supposed to send its own certificate plus any intermediate CA certificates required to link its certificate back to a trusted Root CA.
*
If the server sends the full chain: Your trust store only needs the Root CA. The client receives the intermediates from the server, verifies the signatures up the chain, and finds the Root in its local store to finalize trust.
*
If the server only sends its leaf certificate: The connection will fail unless the client has the intermediates locally to fill in the "missing links."
________________________________
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx<mailto:midrange-l-bounces@xxxxxxxxxxxxxxxxxx>> on behalf of Stefan Skoglund <stefan.skoglund@xxxxxxx<mailto:stefan.skoglund@xxxxxxx>>
Sent: Tuesday, March 31, 2026 09:52
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx<mailto:midrange-l@xxxxxxxxxxxxxxxxxx>>
Subject: Re: Secure connection error, return code 6000 (FTP)
Why import the intermediary CA's certs ?
That isn't really needed.
Jack WoehrIndependent Consulting Programmer 303-847-8442 jack.woehr@xxxxxxxxxxx<mailto:jack.woehr@xxxxxxxxxxx> https://protect.checkpoint.com/v2/r01/___www.procern.com___.YzJ1OnRvdGFsYml6ZnVsZmlsbG1lbnQxOmM6bzozOGZlM2EwYjRiYmY1MDY2YTlmNWIyNTUxNDYyMTNjMzo3OjkzM2I6MWM3NmM2YjY2NWM3MWJlMTM1NmQ4MzI3ZWVmZTA3YTEwZDU4NTJkZjZjMmZmOTNiNTAxN2JkZTg5MDA0ZmU5ZDpwOlQ6Rg Stay Connected!Upgrade your IT state of mind!NON-DISCLOSURE NOTICE: This communication including any and all attachments is for the intended recipient(s) only and may contain confidential and privileged information. If you are not the intended recipient of this communication, any disclosure, copying further distribution or use of this communication is prohibited. If you received this communication in error, please contact the sender and delete/destroy all copies of this communication immediately.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx<mailto:MIDRANGE-L@xxxxxxxxxxxxxxxxxx>
To subscribe, unsubscribe, or change list options,
visit:
https://protect.checkpoint.com/v2/r01/___https://lists.midrange.com/mailman/listinfo/midrange-l___.YzJ1OnRvdGFsYml6ZnVsZmlsbG1lbnQxOmM6bzozOGZlM2EwYjRiYmY1MDY2YTlmNWIyNTUxNDYyMTNjMzo3OjZjN2U6Y2EzOTVmNTBhODY0ZDg5ZDhmY2UzZGU3MTUxYTMyYzlmZGIwMjk5ODlmOGQwN2UxMTlkMDNiMGM1OTQ1ZWZmMzpwOlQ6Rg<
https://protect.checkpoint.com/v2/r01/___https:/lists.midrange.com/mailman/listinfo/midrange-l___.YzJ1OnRvdGFsYml6ZnVsZmlsbG1lbnQxOmM6bzozOGZlM2EwYjRiYmY1MDY2YTlmNWIyNTUxNDYyMTNjMzo3OjZjN2U6Y2EzOTVmNTBhODY0ZDg5ZDhmY2UzZGU3MTUxYTMyYzlmZGIwMjk5ODlmOGQwN2UxMTlkMDNiMGM1OTQ1ZWZmMzpwOlQ6Rg>
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx<mailto:MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx>
Before posting, please take a moment to review the archives
at
https://protect.checkpoint.com/v2/r01/___https://archive.midrange.com/midrange-l___.YzJ1OnRvdGFsYml6ZnVsZmlsbG1lbnQxOmM6bzozOGZlM2EwYjRiYmY1MDY2YTlmNWIyNTUxNDYyMTNjMzo3OmZkN2E6ZjY2OWZlNTQxZDEyOThjMzIwOTY5MjNkOWM5YThmNzY4NzE2OTI5NjZmYjRkMjczMDdmYmNjYTQzNTI0MDhhZDpwOlQ6Rg<
https://protect.checkpoint.com/v2/r01/___https:/archive.midrange.com/midrange-l___.YzJ1OnRvdGFsYml6ZnVsZmlsbG1lbnQxOmM6bzozOGZlM2EwYjRiYmY1MDY2YTlmNWIyNTUxNDYyMTNjMzo3OmZkN2E6ZjY2OWZlNTQxZDEyOThjMzIwOTY5MjNkOWM5YThmNzY4NzE2OTI5NjZmYjRkMjczMDdmYmNjYTQzNTI0MDhhZDpwOlQ6Rg>.
Please contact support@xxxxxxxxxxxxxxxxxxxx<mailto:support@xxxxxxxxxxxxxxxxxxxx> for any subscription related questions.
Greg Wilburn
Director of IT
301.895.3792 ext. 1231
midrange.com
