Sounds like the server you're connecting to doesn't trust the CA who issued 
your certificate.

So who issued the certificate you are using on the iSeries?

Charles Wilt
iSeries Systems Administrator / Developer
Mitsubishi Electric Automotive America
ph: 513-573-4343
fax: 513-398-1121
 

> -----Original Message-----
> From: midrange-l-bounces@xxxxxxxxxxxx
> [mailto:midrange-l-bounces@xxxxxxxxxxxx]On Behalf Of Patrick 
> L Archibald
> Sent: Wednesday, May 18, 2005 1:24 PM
> To: Midrange Systems Technical Discussion
> Subject: Re: SSL FTP from V5R2 AS/400 to BellSouth
> 
> 
> I found sound error information for the -23. It is "CPDBC97 
> SSL_ERROR_NOT_TRUSTED_ROOT".
> 
> I've added two certificates to the CA trust list for the FTP 
> server and 
> client on my system using DCM. Anyone have any idea what I'm missing?
> 
> Here is the text for MSGID CPDBC97
> 
> Message IDs:          CPDBC97
>  CPDBC97
>    Message . . . . :   Certificate is not signed by a trusted 
> certificate
>      authority.
>    Cause . . . . . :   The Certificate Authority that signed 
> the certificate is
>      not listed as a trusted Certificate Authority (CA) on 
> this system.  If this
>      error occurs during initialization then the local 
> supplied certificate is
>      not signed by a trusted CA.  If this error occurs during 
> handshake
>      processing, the system certificate from at least one of 
> the end points is
>      not signed by a trusted CA.
>    Recovery  . . . :   Either add the Certificate Authority 
> to the list of
>      trusted Certificate Authorities on both end points or 
> obtain a certificate
>      that is signed by a trusted Certificate Authority and 
> associate it with the
>      desired application system certificate.  The Digital 
> Certificate Manager
>      (DCM) can be used to create and modify certificates and 
> to work with
>      Certificate Authorities. If the application is using the
>      SSL_Init_Application() Application Programming Interface 
> (API), ensure the
>      certificate with the trusted Certificate Authority has 
> been associated with
>      the application using either the DCM, or the Register 
> Application for
>      Certificate Use (OPM, QSYRGAP; ILE, 
> QsyRegisterAppForCertUse) API. Ensure
>      the key database file specified on the SSL_Init() API or 
> associated with the
>      application that is using the SSL_Init_Application() 
> API, contains the
>      certificate. If the application is using the
>      gsk_attribute_set_buffer(GSK_OS400_APPLICATION_ID) API, 
> ensure that the
>      desired certificate has been associated with the 
> application using either
>      the DCM, or the Register Application for Certificate Use 
> (OPM, QSYRGAP; ILE,
>      QsyRegisterAppForCertUse) API. Ensure the key data base 
> file specified on
>      the gsk_attribute_set_buffer(GSK_KEYRING_FILE) API or 
> associated with the
>      application if using the 
> gsk_attribute_set_buffer(GSK_OS400_APPLICATION_ID)
>      API, contains the certificate(s).
> 
> 
> 
> Thanx, PLA
> 
> 
> Patrick L Archibald wrote:
> 
> > Hi
> >
> > I am trying get files using SSL FTP from a V5R2 AS/400 to 
> BellSouth. I
> > am getting a return code -23 prior to logging in. Does anyone know 
> > what return code -23 means?
> >
> > I am using the following command:
> >
> > STRTCPFTP RMTSYS(AICXFERTEST.BELLSOUTH.COM) SECCNN(*SSL)
> >
> > Afterwards I get this:
> >
> > Connecting to host AICXFERTEST.BELLSOUTH.COM at address 
> 139.76.142.4 
> > using port 21.
> >
> > 220 <<<Connect:Enterprise UNIX 2.2.00 Secure FTP>>> at aic00387 FTP 
> > server ready. Time = 12:44:18
> >
> > 234 AUTH TLS-C/TLS OK.
> >
> >
> > Secure connection error, return code -23.
> >
> >
> >
> > Thanx, PLA
> >
> >
> >
> 
> -- 
> // 
> // Patrick L Archibald
> // http://www.PatrickArchibald.com
> // http://www.GooseCreekRotary.org
> // http://www.BeeSharp.us
> // http://www.SeveredTiesROCKS.com
> //
> 
> 
> -- 
> This is the Midrange Systems Technical Discussion 
> (MIDRANGE-L) mailing list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
> 
> 


As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.