This has been resolved. (See IBM problem ticket below) Thanks for all
who helped with my problem. It turns out I was missing an Equifax CA.
Thanks again. PLA
ACTION TAKEN: I was able to FTP using SSL to that same site
that you were FTP'ing to - IP address 139.76.142.4.
I didn't get any errors. So I did a trace to see what it
was using and I broke the trace down and saw that they
were using:
Equifax Secure Certificate Authority (expires 08/22/18)
This is different than what your CA trust list shows:
BellSouth Equifax eBusiness CA-1Root certificate: (expires 6/21/20)
Is that "Equifax Secure Certificate Authority" CA on
your system? If it is, you would want to put it also
into the trust list of the OS/400 FTP Client.
If you are current on PTFs, you could create an "Other
Certificate Store" and look at the CA's there and export
the "Equifax Secure Certificate Authority" and then import
it into the *SYSTEM Certificate Store.
Also, I pasted it below and you could save it to Notepad
and just FTP it to the iSeries and then import it as a CA
and trust it.
Equifax Secure Certificate Authority:
-----BEGIN CERTIFICATE-----
MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1
MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx
dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B
AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f
BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A
cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC
AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ
MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw
ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj
IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF
MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh
1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
-----END CERTIFICATE-----
Let us know if that CA is able to work for you.
Regards,
Mark Winter
ACTION PLAN: RQ to NETRSP.
________________________ 05/05/20-14:15--CC ____________________________
Customer Rep: Patrick
Action Taken: Notified customer PMR has been updated
Action Plan: Email-fup
________________________ 05/05/21-09:09--AT ____________________________
*** Electronic update by customer.
***
Additional Information:
Mark
I imported the cert you provided and added it to the trust list for
my FTP Client and IT WORKS! So, should BellSouth have sent me this
or is this something my system was just missing?
Thanx, PLA
________________________ 05/05/21-14:23--AT ____________________________
S7> COMPID= 5722SS1TC
________________________ 05/05/23-08:52--CR ____________________________
S7> COMPID= 5722SS1TC
CUSTOMER REP: Patrick Archibald
ACTION TAKEN: Since the remote site was using "Equifax Secure
Certificate Authority", they should have been able
to send you that CA.
Also, if your system is current on PTFs, it should
have created that CA when the *SYSTEM store was created.
The "Equifax Secure Certificate Authority" is now shipped
with the OS/400. It may have been deleted from you *SYSTEM
store. You could test to see if that CA is on you system
by creating an "Other System Certificate Store" and then
go into that newly created "Other System Certificate
Store" and under"Fast Path" look in "Work with CA
certificates" and you should see it in the list.
Regards,
Mark Winter
ACTION PLAN: RQ to NETRSP.
.
________________________ 05/05/23-09:02--AT ____________________________
*** Electronic update by customer.
*** Electronic close request by customer
*** CUSTOMER REQUESTS THIS PMR TO BE CLOSED
***
Additional Information:
OK. Thank for your help and the knowledge. You can close this
ticket. PLA
Patrick L Archibald wrote:
Hi
I am trying get files using SSL FTP from a V5R2 AS/400 to BellSouth. I
am getting a return code -23 prior to logging in. Does anyone know
what return code -23 means?
I am using the following command:
STRTCPFTP RMTSYS(AICXFERTEST.BELLSOUTH.COM) SECCNN(*SSL)
Afterwards I get this:
Connecting to host AICXFERTEST.BELLSOUTH.COM at address 139.76.142.4
using port 21.
220 <<<Connect:Enterprise UNIX 2.2.00 Secure FTP>>> at aic00387 FTP
server ready. Time = 12:44:18
234 AUTH TLS-C/TLS OK.
Secure connection error, return code -23.
Thanx, PLA
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
