|
On Jun 5, 2019, at 11:07 AM, B Stone <bvstone@xxxxxxxxx> wrote:
If you're having issues exporting CAs from a certificate, check out
this link and the section on doing just that:
https://docs.bvstools.com/home/ssl-documentation
On Wed, Jun 5, 2019 at 9:28 AM Jon Paris <jon.paris@xxxxxxxxxxxxxx> wrote:
Thanks for the link Pete - I was wondering how the heck to check.--
There are two certs in the bundle and these are the details.
It would seem that the issue is that although some of the
correspondence said Comodo the cert is associated with their new name Sectigo.
So that explains why they are not active as a CA in the store - but
that doeswn'rt explain why the DCM errors out when I try to add them as a CA.
I understand the basics behind all this - but surely IBM could make
it easier than this!
Just don't know what to try next.
Jon Paris
www.partner400.com
www.SystemiDeveloper.com
On Jun 4, 2019, at 8:50 PM, Pete Helgren <pete@xxxxxxxxxx> wrote:think you need to go through the whole thing again. I use LetEncrypt
If you generated a CSR and they issued the certificate then I don't
and have renewed multiple times using the same CSR so that has just
been my experience. You can generate a new CSR every time if you
want to. When I request a new certificate from Comodo, I used the
same CSR as well. But, starting with a new CSR shouldn't be any different.....
Comodo before, the CA for Comodo should be in the certificate store.
I don't quite understand why your certificate is failing. If you
had
You may want to open the bundle and then copy the certificate and
paste it into https://www.sslshopper.com/certificate-decoder.html and
see what it shows as the CA and the details of the certificate.
SSLShopper has a bunch of tools to figure out what is going on with
certificates. You can also check your CSR there. But, I doubt the
issue is with the CSR because Comodo wouldn't have signed it
otherwise. Maybe NameCheap as the intermediate is the issue and yes, use the entire bundle as your certificate to import.
They might let you re-generate the CSR and request a new cert. But,
Push come to shove, you can email NameCheap and explain the situation.
it just seems strange to me that you can't renew the certificate.
Not a lot of moving parts to break here......
re-issue?
Pete Helgren
www.petesworkshop.com
GIAC Secure Software Programmer-Java Twitter - Sys_i_Geek
IBM_i_Geek
On 6/4/2019 5:32 PM, Jon Paris wrote:
And if they have already issued a cert that I can't use they will
just
Of
And it may take seconds when you know what you are doing but ....
Jon Paris
www.partner400.com
www.SystemiDeveloper.com
On Jun 4, 2019, at 6:21 PM, B Stone <bvstone@xxxxxxxxx> wrote:
Takes literally seconds. Not a huge deal. :)
Namecheap will send you the cert, which you can export the CAs from.
abilitycourse you need to do a little domain ownership verification first.
Bradley V. Stone
www.bvstools.com
MAILTOOL Benefit #19 <https://www.bvstools.com/mailtool.html>: The
wrote:to turn off "Strict SSL" settings. This means no importing
Certificate Authorities (CAs) unless you want to.
On Tue, Jun 4, 2019 at 5:10 PM Jon Paris
<jon.paris@xxxxxxxxxxxxxx>
again
OK - so I guess to do that I have to start the whole CSR etc. bit
first
Jon Paris
www.partner400.com
www.SystemiDeveloper.com
On Jun 4, 2019, at 4:28 PM, B Stone <bvstone@xxxxxxxxx> wrote:
John,
It's best to simply do a new CSR and import a new certificate
(CAs
IBMof
course). Trying to renew using normal methods is a headache on
the
isi.
So I just simply generate a new CSR each time.wrote:
On Tue, Jun 4, 2019 at 2:19 PM Jon Paris
<jon.paris@xxxxxxxxxxxxxx>
So ....
I already have a cert applied but it is expiring.
Selected to renew it.
Chose to generate a new key pair.
Used the data to request the new key.
Got cert and attempted to apply. Keep getting a message that
there
causedno
such certificate in the store.
Question for those of you who understand all this. Could this
be
previousbecause the new cert is not issued by the same authority as the
for aone? Original was from Comodo - new one from NameCheap - but
the underlying ceret is still from Comodo.
If that is the case, can I still use the certificate that I
have
mailingnew
entry?
Jon Paris
www.partner400.com
www.SystemiDeveloper.com
--
This is the Web Enabling the IBM i (AS/400 and iSeries)
(WEB400)
mailinglist--
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx Before posting,
please take a moment to review the archives at
https://archive.midrange.com/web400.
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailinglist
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx To subscribe,--
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx Before posting,
please take a moment to review the archives at
https://archive.midrange.com/web400.
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailing listlist--
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx Before posting,
please take a moment to review the archives at
https://archive.midrange.com/web400.
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
list--To post a message email: WEB400@xxxxxxxxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx Before posting, please
take a moment to review the archives at
https://archive.midrange.com/web400.
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailing
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx Before posting, please
take a moment to review the archives at
https://archive.midrange.com/web400.
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailing list To post a message email: WEB400@xxxxxxxxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx Before posting, please
take a moment to review the archives at
https://archive.midrange.com/web400.
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailing list To post a message email: WEB400@xxxxxxxxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx Before posting, please
take a moment to review the archives at
https://archive.midrange.com/web400.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.