On May 8, 2023, at 2:48 PM, Pete Helgren <pete@xxxxxxxxxx> wrote:
Yeah, Sectigo was Comodo or something. We were caught on that a while back. But once done, always done. And again, if the CA Root and Intermediate has already been imported, a "bundle" containing them shouldn't be a show stopper...at least it hasn't been for me. LetsEncrypt always included all certs in the .pem file it returns and, like I said, importing that file hasn't been an issue.
I don't use Jesse's stuff (couldn't get it to work in my use case) but as far as I have been able to be determine, the presence of the intermediate and root certs in a .pem cert file shouldn't cause issues once the intermediate and root are present in the *SYSTEM Certificate Store. IOW, you shouldn't bump into this next year unless Sectigo is bought by another entity that chooses to rename the cert....
GIAC Secure Software Programmer-Java
GIAC Cloud Penetration Tester
AWS Certified Cloud Practitioner
Microsoft Certified: Azure Fundamentals
On 5/8/2023 12:44 PM, Jon Paris wrote:
But that's my problem Pete.--
I buy my certs via Namecheap who sources them from Sectigo. The problem seems to have arisen because the companies in the chain changed their names. Sectigo I think changed last year (but I still had to replace that cert) and this year User Trust made some incompatible changes as well. So although the root-root certs are indeed in the set provided by IBM the two intermediate certs both had to be updated. They were both in the bundle so it wasn't an arduous process once I remembered that I had to manually copy/paste them into separate files and import them. It would just be nice if the DCM automagically did this - or at least processed bundles.
It looks like Jessie's tools (https://github.com/ThePrez/DCM-tools <https://github.com/ThePrez/DCM-tools>) do handle bundles so I'll probably go that way next time.
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.