Comments inline Brad.

Jon Paris

www.partner400.com
www.SystemiDeveloper.com

On Jun 7, 2019, at 9:56 AM, B Stone <bvstone@xxxxxxxxx> wrote:

On Thu, Jun 6, 2019 at 3:43 PM Jon Paris <jon.paris@xxxxxxxxxxxxxx> wrote:

I think it could use a small update Brad for two reasons. It comes right
at the end and frankly I never saw it.


I have been thinking about splitting the "getting the cert from a browser"
and "exporting CAs from a certificate". Probably a good idea.


Secondly in my case I would still have had an error as the bundle had the
in the opposite order. i.e. I needed to import that last one first. The
note also doesn't mention that there may be more than one cert in the file
and they need splitting up. The earlier parts I did find very useful.


Either we are having a misunderstand in terms or you're doing something
different. I've never imported from the bottom up when viewing the
certificate path. Always been top to bottom, with the bottom being the
actual certificate and the others all CAs. Had one yesterday with 4 CAs in
the chain... new record for me. :)

I think the misunderstanding is that you are working from a position of knowledge as to what the certificate dependency chain is. I was working from the position of someone in desperate need of your document! <grin>
Now imagine my situation (which is the norm for a newbie). I received two files - one the actual cert and the other (it turned out) the CA certs. I had no indication that there was a chain at all or that there were multiple certs in one of the files. Even when I found that out I had no idea why that was or what the sequence for using them was. If I had guessed I would have applied the first on in the file first, and that would have been wrong, It was only after inspecting the certs via the URL Pete supplied that it became obvious that the second one in the file was the root of a chain and therefore probably (I was guessing) needed to be applied first. I would have expected that DCM would have correctly handled the single file but it doesn't.

So yes - top to bottom is obviously the right order (although dependent on which is "bottom" - I might have guessed that "bottom" meant the end of the chain - i.e. the root CA.





And Filezilla is way easier than manual FTP <grin>


For some. :) But I shouldn't need to teach IT people to use FTP in
2019... yet I still do many times a week.

So did I for many years - now I just tell them to use Filezilla.




Jon Paris

www.partner400.com
www.SystemiDeveloper.com

--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.