Agreed Pete - but that was what I thought last year!

Great to see you again in Denver by the way. Been a long time.

Jon P.

On May 8, 2023, at 2:48 PM, Pete Helgren <pete@xxxxxxxxxx> wrote:

Yeah, Sectigo was Comodo or something. We were caught on that a while back. But once done, always done. And again, if the CA Root and Intermediate have already been imported, a "bundle" containing them shouldn't be a show stopper. At least it hasn't been for me. LetsEncrypt always included all certs in the .pem file it returns and, like I said, importing that file hasn't been an issue.

I don't use Jesse's stuff (couldn't get it to work in my use case) but as far as I have been able to determine, the presence of the intermediate and root certs in a .pem cert file shouldn't cause issues once the intermediate and root are present in the *SYSTEM Certificate Store. IOW, you shouldn't bump into this next year unless Sectigo is bought by another entity that chooses to rename the cert....

Pete Helgren
GIAC Secure Software Programmer-Java
GIAC Cloud Penetration Tester
AWS Certified Cloud Practitioner
Microsoft Certified: Azure Fundamentals

On 5/8/2023 12:44 PM, Jon Paris wrote:
But that's my problem Pete.

I buy my certs via Namecheap who sources them from Sectigo. The problem seems to have arisen because the companies in the chain changed their names. Sectigo I think changed last year (but I still had to replace that cert) and this year User Trust made some incompatible changes as well. So although the root-root certs are indeed in the set provided by IBM the two intermediate certs both had to be updated. They were both in the bundle so it wasn't an arduous process once I remembered that I had to manually copy/paste them into separate files and import them. It would just be nice if the DCM automagically did this - or at least processed bundles.

It looks like Jesse's tools do handle bundles so I'll probably go that way next time.

Jon P.
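
The manual step described in the message above (copying each certificate out of a CA bundle into its own file before importing it into DCM) can be scripted. This is an added example, not part of the original thread and not taken from any tool mentioned in it; the function names, output file names and sample bundle are constructed for illustration, and the sample blocks wrap placeholder bytes rather than real certificates.

```python
import base64
import hashlib
import re
from pathlib import Path

# Matches each CERTIFICATE block, tolerating CRLF and stray text between blocks.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.DOTALL)

def split_bundle(bundle_text):
    """Return [(sha256_hex, pem_text)] for each unique certificate, in bundle order."""
    seen, certs = set(), []
    for match in PEM_BLOCK.finditer(bundle_text):
        b64 = "".join(match.group(1).split())
        der = base64.b64decode(b64, validate=True)  # raises on a corrupted block
        fingerprint = hashlib.sha256(der).hexdigest()
        if fingerprint in seen:  # skip a certificate the bundle repeats
            continue
        seen.add(fingerprint)
        body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
        certs.append((fingerprint,
                      f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"))
    return certs

def write_split(bundle_text, out_dir):
    """Write cert-01.pem, cert-02.pem, ... and return the paths written."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    paths = []
    for n, (fingerprint, pem) in enumerate(split_bundle(bundle_text), start=1):
        path = out / f"cert-{n:02d}.pem"
        path.write_text(pem, encoding="ascii")
        print(f"{path.name}  sha256={fingerprint}")  # compare with the CA's published value
        paths.append(path)
    return paths

def fake_pem(payload):
    # Constructed placeholder: wraps arbitrary bytes, NOT a real X.509 certificate.
    return ("-----BEGIN CERTIFICATE-----\r\n" + base64.b64encode(payload).decode()
            + "\r\n-----END CERTIFICATE-----\r\n")

# Constructed sample: leaf, two intermediates, a stray comment, one repeated block.
SAMPLE_BUNDLE = (fake_pem(b"leaf" * 30) + fake_pem(b"intermediate-1" * 10)
                 + "# comment between blocks\n"
                 + fake_pem(b"intermediate-2" * 10) + fake_pem(b"intermediate-1" * 10))

if __name__ == "__main__":
    import tempfile
    write_split(SAMPLE_BUNDLE, tempfile.mkdtemp())
```

The printed SHA-256 fingerprint is computed over the decoded DER bytes, so it can be checked against the fingerprint the CA publishes for each intermediate before the file is imported.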
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing list