Technically only the last one in the chain (bottom one) is a certificate.
The others are Certificate Authorities (CAs) that validate the authenticity
of the certificate itself.

You should be able to get them on your PC, double click the cert, and go
through each one to see their expirations. I'm sure there are online
validation sites as well where you can load the certificate.

I think that's one reason that you need to import each CA into DCM (or set
up your application to ignore not trusted errors if you're on the client
side)... then it can tell you which ones are expiring vs looking at the
entire chain.

Then again, unless you import them with descriptions you may not know which
CAs go with what certificates and/or applications as many CAs are used by
multiple entities.

Bradley V. Stone
www.bvstools.com
MAILTOOL Benefit #10 <https://www.bvstools.com/mailtool.html>: Resend
Emails - When emails are sent using MAILTOOL Plus or another addon, those
emails are logged and you have the ability to resend them one by one, or as
a batch (ie, all unsent emails at once).

On Tue, Jul 7, 2020 at 3:45 PM Jon Paris <jon.paris@xxxxxxxxxxxxxx> wrote:


Having wrestled with SSL problems (eventually diagnosed as an expired
certificate) over the past few days I thought I'd just share a couple of
discoveries with the folks on this list in case it helps someone else down
the road.

1) Your main certificate can be just fine, but if somebody (Mentioning no
names Comodo/Sectigo) has given you a secondary certificate in the bundle
with the wrong expiry date ... Well everything will work until one day you
restart your web server and the universe collapses. Note that in my case
the faulty cert had expired over two weeks before the restart and the
server was working just fine. The certificate in question is from USERTrust
RSA Certification Authority and it expired on May 30th. Comodo/Sectigo
have a replacement that you can download and install.

2) For diagnosing this kind of problem the regular DCM was about as much
use as ... well it is not of much use unless you know what you are looking
for. However, thanks to Steve Pitcher I was introduced to the shiny _new_
DCM which I had not even heard of. For those like me who are up to date on
HTTP PTFs just add /dcm after the 2001: to get the new interface. It is
magical _and_ had I known about the .... thing it would have saved me
hours. Why? Because the expired certificate comes up in a glorious shade of
pink and makes itself glaringly obvious!

Hope this saves someone some time. If nothing else check out the new dcm
- it really is a huge improvement.


Jon Paris
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.